Deploy emergent2api

README.md

@@ -7,7 +7,3 @@ sdk: docker
 app_port: 7860
 pinned: false
 ---
-
-# Emergent2API v0.2.0
-
-OpenAI/Anthropic-compatible API gateway backed by Emergent.sh account pool.

emergent2api/app.py

@@ -4,15 +4,17 @@ from __future__ import annotations
 import json
 import logging
 import os
+import pathlib
 
 from fastapi import FastAPI, Request
 from fastapi.middleware.cors import CORSMiddleware
-from fastapi.responses import JSONResponse
+from fastapi.responses import FileResponse, JSONResponse
 
 from .config import settings
 from . import database as db
 from .pool import pool
 from .routes import openai, anthropic, responses
+from .routes.admin import router as admin_router
 
 logging.basicConfig(
     level=logging.INFO,
@@ -43,11 +45,16 @@ app.add_middleware(
 async def auth_middleware(request: Request, call_next):
     path = request.url.path
 
-    # Skip auth for health check and docs
-    if path in ("/", "/health", "/docs", "/openapi.json", "/redoc"):
+    # Skip auth for health, docs, admin panel pages, and admin API (has its own cookie auth)
+    if (
+        path in ("/", "/health", "/docs", "/openapi.json", "/redoc")
+        or path.startswith("/admin")
+        or path.startswith("/v1/admin")
+        or path.startswith("/static")
+    ):
         return await call_next(request)
 
-    # Check API key
+    # Check API key for /v1/* API routes
     auth_header = request.headers.get("authorization", "")
     api_key = request.headers.get("x-api-key", "")
 
@@ -94,6 +101,9 @@ async def shutdown():
 app.include_router(openai.router)
 app.include_router(anthropic.router)
 app.include_router(responses.router)
+app.include_router(admin_router)
+
+_STATIC_DIR = pathlib.Path(__file__).parent / "static" / "admin"
 
 
 @app.get("/")
@@ -101,7 +111,7 @@ async def root():
     count = await pool.count()
     return {
         "service": "Emergent2API",
-        "version": "0.2.0",
+        "version": "0.3.0",
         "backend": settings.backend,
         "accounts": count,
         "endpoints": {
@@ -111,87 +121,35 @@ async def root():
                 "POST /v1/responses (OpenAI Response API)",
                 "GET  /v1/models",
             ],
-            "admin": [
-                "GET    /admin/accounts",
-                "POST   /admin/accounts",
-                "POST   /admin/accounts/import",
-                "POST   /admin/accounts/import-jsonl",
-                "DELETE /admin/accounts/{id}",
-                "POST   /admin/accounts/{id}/toggle",
-                "POST   /admin/accounts/{id}/refresh",
-                "POST   /admin/accounts/refresh-all",
-            ],
+            "admin": "/admin/",
         },
     }
 
 
-@app.get("/health")
-async def health():
-    count = await pool.count()
-    return {"status": "ok", "accounts": count}
-
-
-# ---------------------------------------------------------------------------
-# Admin endpoints
-# ---------------------------------------------------------------------------
-
-@app.get("/admin/accounts")
-async def admin_list_accounts(active_only: bool = False):
-    """List all accounts or only active ones."""
-    if active_only:
-        accounts = await db.get_active_accounts()
-    else:
-        accounts = await db.get_all_accounts()
-    return {
-        "total": len(accounts),
-        "accounts": [
-            {
-                "id": a["id"],
-                "email": a["email"],
-                "balance": a["balance"],
-                "is_active": a["is_active"],
-                "last_used": a["last_used"].isoformat() if a["last_used"] else None,
-                "created_at": a["created_at"].isoformat() if a["created_at"] else None,
-            }
-            for a in accounts
-        ],
-    }
+@app.get("/admin")
+@app.get("/admin/")
+async def admin_index():
+    return FileResponse(_STATIC_DIR / "login.html")
 
 
-@app.post("/admin/accounts")
-async def admin_add_account(request: Request):
-    """Add an account manually. Body: {email, password, jwt, refresh_token?, user_id?, balance?}"""
-    body = await request.json()
-    required = ["email", "password", "jwt"]
-    for f in required:
-        if f not in body:
-            return JSONResponse(status_code=400, content={"error": f"Missing required field: {f}"})
-    account_id = await db.upsert_account(body)
-    return {"id": account_id, "email": body["email"], "status": "added"}
+@app.get("/admin/{page}")
+async def admin_page(page: str):
+    html = _STATIC_DIR / f"{page}.html"
+    if html.is_file():
+        return FileResponse(html)
+    return FileResponse(_STATIC_DIR / "login.html")
 
 
-@app.post("/admin/accounts/import")
-async def admin_import_accounts(request: Request):
-    """Import accounts from JSON body. Body: {accounts: [{email, password, jwt, ...}, ...]}"""
-    body = await request.json()
-    accounts = body.get("accounts", [])
-    imported = 0
-    errors = []
-    for acct in accounts:
-        if "email" in acct and "password" in acct and "jwt" in acct:
-            try:
-                await db.upsert_account(acct)
-                imported += 1
-            except Exception as e:
-                errors.append({"email": acct.get("email"), "error": str(e)})
-        else:
-            errors.append({"email": acct.get("email", "?"), "error": "missing email/password/jwt"})
-    return {"imported": imported, "total_submitted": len(accounts), "errors": errors}
+@app.get("/health")
+async def health():
+    count = await pool.count()
+    return {"status": "ok", "accounts": count}
 
 
+# Legacy import endpoint (backward compat for CI push)
 @app.post("/admin/accounts/import-jsonl")
 async def admin_import_jsonl(request: Request):
-    """Import accounts from JSONL text. Body: {jsonl: "line1\\nline2\\n..."} or raw JSONL body."""
+    """Import accounts from JSONL text. Body: {jsonl: "..."} or raw JSONL body."""
     content_type = request.headers.get("content-type", "")
     if "application/json" in content_type:
         body = await request.json()
@@ -220,46 +178,6 @@ async def admin_import_jsonl(request: Request):
     return {"imported": imported, "total_lines": len(lines), "errors": errors}
 
 
-@app.delete("/admin/accounts/{account_id}")
-async def admin_delete_account(account_id: int):
-    """Permanently delete an account."""
-    await db.delete_account(account_id)
-    return {"id": account_id, "status": "deleted"}
-
-
-@app.post("/admin/accounts/{account_id}/toggle")
-async def admin_toggle_account(account_id: int):
-    """Toggle active/inactive status."""
-    new_state = await db.toggle_account(account_id)
-    return {"id": account_id, "is_active": new_state}
-
-
-@app.post("/admin/accounts/{account_id}/refresh")
-async def admin_refresh_jwt(account_id: int):
-    """Refresh JWT for a specific account."""
-    account = await db.get_account_by_id(account_id)
-    if not account:
-        return JSONResponse(status_code=404, content={"error": "Account not found"})
-    new_jwt = await pool.refresh_jwt(account)
-    if new_jwt:
-        return {"id": account_id, "email": account["email"], "status": "refreshed"}
-    return JSONResponse(status_code=500, content={"error": "JWT refresh failed"})
-
-
-@app.post("/admin/accounts/refresh-all")
-async def admin_refresh_all():
-    """Refresh JWTs for all active accounts."""
-    accounts = await db.get_active_accounts()
-    results = {"refreshed": 0, "failed": 0, "total": len(accounts)}
-    for acct in accounts:
-        new_jwt = await pool.refresh_jwt(acct)
-        if new_jwt:
-            results["refreshed"] += 1
-        else:
-            results["failed"] += 1
-    return results
-
-
 # ---------------------------------------------------------------------------
 # Entrypoint
 # ---------------------------------------------------------------------------

emergent2api/config.py

@@ -17,6 +17,7 @@ class Settings:
         "postgresql://neondb_owner:npg_cyGIuK58kePT@ep-muddy-sky-adych24h-pooler.c-2.us-east-1.aws.neon.tech/neondb?sslmode=require",
     ))
     port: int = field(default_factory=lambda: int(os.environ.get("PORT", "8000")))
+    admin_password: str = field(default_factory=lambda: os.environ.get("ADMIN_PASSWORD", "bk@3fd3E"))
 
     # Supabase constants
     supabase_anon_key: str = (

emergent2api/database.py

@@ -149,6 +149,62 @@ async def toggle_account(account_id: int) -> bool:
         return row["is_active"] if row else False
 
 
+async def batch_delete(account_ids: list[int]) -> int:
+    pool = await get_pool()
+    async with pool.acquire() as conn:
+        result = await conn.execute(
+            "DELETE FROM emergent_accounts WHERE id = ANY($1::int[])", account_ids
+        )
+        return int(result.split()[-1])
+
+
+async def batch_toggle(account_ids: list[int], active: bool) -> int:
+    pool = await get_pool()
+    async with pool.acquire() as conn:
+        result = await conn.execute(
+            "UPDATE emergent_accounts SET is_active = $2, updated_at = NOW() WHERE id = ANY($1::int[])",
+            account_ids, active,
+        )
+        return int(result.split()[-1])
+
+
+async def delete_inactive() -> int:
+    pool = await get_pool()
+    async with pool.acquire() as conn:
+        result = await conn.execute("DELETE FROM emergent_accounts WHERE is_active = FALSE")
+        return int(result.split()[-1])
+
+
+# ---------------------------------------------------------------------------
+# Config KV store
+# ---------------------------------------------------------------------------
+
+async def get_config(key: str) -> Optional[str]:
+    pool = await get_pool()
+    async with pool.acquire() as conn:
+        return await conn.fetchval(
+            "SELECT value FROM emergent_config WHERE key = $1", key
+        )
+
+
+async def set_config(key: str, value: str) -> None:
+    pool = await get_pool()
+    async with pool.acquire() as conn:
+        await conn.execute(
+            """INSERT INTO emergent_config (key, value, updated_at)
+               VALUES ($1, $2, NOW())
+               ON CONFLICT (key) DO UPDATE SET value = $2, updated_at = NOW()""",
+            key, value,
+        )
+
+
+async def get_all_config() -> dict[str, str]:
+    pool = await get_pool()
+    async with pool.acquire() as conn:
+        rows = await conn.fetch("SELECT key, value FROM emergent_config ORDER BY key")
+        return {r["key"]: r["value"] for r in rows}
+
+
 async def get_account_count() -> dict[str, int]:
     pool = await get_pool()
     async with pool.acquire() as conn:

emergent2api/routes/admin.py

@@ -0,0 +1,346 @@
+"""Admin API routes: login, token CRUD, import/export, connectivity test, config."""
+from __future__ import annotations
+
+import io
+import json
+import logging
+import secrets
+import zipfile
+from typing import Any
+
+from curl_cffi import requests as cffi_requests
+from fastapi import APIRouter, Request, Response
+from fastapi.responses import JSONResponse, StreamingResponse
+
+from ..config import settings
+from .. import database as db
+from ..pool import pool
+
+logger = logging.getLogger("emergent2api.admin")
+
+router = APIRouter(prefix="/v1/admin", tags=["admin"])
+
+COOKIE_NAME = "emergent_admin_session"
+_sessions: set[str] = set()
+
+
+def _check_session(request: Request) -> bool:
+    token = request.cookies.get(COOKIE_NAME, "")
+    return token in _sessions and bool(token)
+
+
+def _require_auth(request: Request) -> JSONResponse | None:
+    if not _check_session(request):
+        return JSONResponse(status_code=401, content={"error": "Not authenticated"})
+    return None
+
+
+# ---------------------------------------------------------------------------
+# Auth
+# ---------------------------------------------------------------------------
+
+@router.post("/login")
+async def login(request: Request):
+    body = await request.json()
+    pwd = body.get("password", "")
+    db_pwd = await db.get_config("admin_password")
+    expected = db_pwd or settings.admin_password
+    if pwd != expected:
+        return JSONResponse(status_code=403, content={"error": "Invalid password"})
+    token = secrets.token_urlsafe(32)
+    _sessions.add(token)
+    resp = JSONResponse(content={"ok": True})
+    resp.set_cookie(COOKIE_NAME, token, httponly=True, samesite="lax", max_age=86400 * 7)
+    return resp
+
+
+@router.post("/logout")
+async def logout(request: Request):
+    token = request.cookies.get(COOKIE_NAME, "")
+    _sessions.discard(token)
+    resp = JSONResponse(content={"ok": True})
+    resp.delete_cookie(COOKIE_NAME)
+    return resp
+
+
+@router.get("/verify")
+async def verify(request: Request):
+    if _check_session(request):
+        return {"authenticated": True}
+    return JSONResponse(status_code=401, content={"authenticated": False})
+
+
+# ---------------------------------------------------------------------------
+# Token (account) management
+# ---------------------------------------------------------------------------
+
+@router.get("/tokens")
+async def list_tokens(request: Request):
+    err = _require_auth(request)
+    if err:
+        return err
+    accounts = await db.get_all_accounts()
+    return {
+        "total": len(accounts),
+        "active": sum(1 for a in accounts if a["is_active"]),
+        "tokens": [
+            {
+                "id": a["id"],
+                "email": a["email"],
+                "balance": a["balance"],
+                "is_active": a["is_active"],
+                "last_used": a["last_used"].isoformat() if a["last_used"] else None,
+                "created_at": a["created_at"].isoformat() if a["created_at"] else None,
+            }
+            for a in accounts
+        ],
+    }
+
+
+@router.post("/tokens/import")
+async def import_tokens(request: Request):
+    """Import accounts from JSONL text: {jsonl: "..."}"""
+    err = _require_auth(request)
+    if err:
+        return err
+    body = await request.json()
+    raw = body.get("jsonl", "")
+    lines = raw.strip().splitlines()
+    imported, errors = 0, []
+    for i, line in enumerate(lines):
+        line = line.strip()
+        if not line:
+            continue
+        try:
+            acct = json.loads(line)
+            if "email" in acct and "password" in acct and "jwt" in acct:
+                await db.upsert_account(acct)
+                imported += 1
+            else:
+                errors.append({"line": i + 1, "error": "missing required fields"})
+        except Exception as e:
+            errors.append({"line": i + 1, "error": str(e)})
+    return {"imported": imported, "errors": errors}
+
+
+@router.post("/tokens/import-zip")
+async def import_zip(request: Request):
+    """Import from zip containing accounts.jsonl or individual .json files."""
+    err = _require_auth(request)
+    if err:
+        return err
+    body = await request.body()
+    imported, errors = 0, []
+    try:
+        with zipfile.ZipFile(io.BytesIO(body)) as zf:
+            for name in zf.namelist():
+                raw = zf.read(name).decode("utf-8", errors="replace")
+                if name.endswith(".jsonl") or name == "accounts.jsonl":
+                    for line in raw.strip().splitlines():
+                        line = line.strip()
+                        if not line:
+                            continue
+                        try:
+                            acct = json.loads(line)
+                            if "email" in acct and "jwt" in acct:
+                                await db.upsert_account(acct)
+                                imported += 1
+                        except Exception as e:
+                            errors.append({"file": name, "error": str(e)})
+                elif name.endswith(".json"):
+                    try:
+                        acct = json.loads(raw)
+                        if "email" in acct and "jwt" in acct:
+                            await db.upsert_account(acct)
+                            imported += 1
+                    except Exception as e:
+                        errors.append({"file": name, "error": str(e)})
+    except Exception as e:
+        return JSONResponse(status_code=400, content={"error": f"Invalid zip: {e}"})
+    return {"imported": imported, "errors": errors}
+
+
+@router.get("/tokens/export")
+async def export_tokens(request: Request):
+    """Download all accounts as a zip (accounts.jsonl + tokens.txt)."""
+    err = _require_auth(request)
+    if err:
+        return err
+    accounts = await db.get_all_accounts()
+    buf = io.BytesIO()
+    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
+        jsonl_lines = []
+        jwt_lines = []
+        for a in accounts:
+            row = {
+                "email": a["email"], "password": a["password"],
+                "jwt": a["jwt"], "refresh_token": a.get("refresh_token", ""),
+                "user_id": a.get("user_id", ""), "balance": a["balance"],
+                "is_active": a["is_active"],
+            }
+            jsonl_lines.append(json.dumps(row, ensure_ascii=False))
+            if a["jwt"]:
+                jwt_lines.append(a["jwt"])
+        zf.writestr("accounts.jsonl", "\n".join(jsonl_lines) + "\n")
+        zf.writestr("tokens.txt", "\n".join(jwt_lines) + "\n")
+    buf.seek(0)
+    return StreamingResponse(
+        buf,
+        media_type="application/zip",
+        headers={"Content-Disposition": "attachment; filename=emergent_accounts.zip"},
+    )
+
+
+@router.post("/tokens/test")
+async def test_tokens(request: Request):
+    """Test connectivity for selected account IDs."""
+    err = _require_auth(request)
+    if err:
+        return err
+    body = await request.json()
+    ids = body.get("ids", [])
+    results = []
+    for aid in ids:
+        acct = await db.get_account_by_id(aid)
+        if not acct:
+            results.append({"id": aid, "status": "not_found"})
+            continue
+        try:
+            s = cffi_requests.Session(impersonate="chrome")
+            if settings.proxy:
+                s.proxies = {"http": settings.proxy, "https": settings.proxy}
+            resp = s.post(
+                f"{settings.auth_base}/token?grant_type=password",
+                json={"email": acct["email"], "password": acct["password"], "gotrue_meta_security": {}},
+                headers={
+                    "Apikey": settings.supabase_anon_key,
+                    "Authorization": f"Bearer {settings.supabase_anon_key}",
+                    "X-Client-Info": "supabase-js-web/2.45.4",
+                },
+                timeout=15,
+            )
+            if resp.status_code == 200:
+                data = resp.json()
+                new_jwt = data.get("access_token", "")
+                if new_jwt:
+                    await db.update_jwt(aid, new_jwt, data.get("refresh_token", ""))
+                results.append({"id": aid, "email": acct["email"], "status": "ok"})
+            else:
+                results.append({"id": aid, "email": acct["email"], "status": "failed", "code": resp.status_code})
+        except Exception as e:
+            results.append({"id": aid, "email": acct["email"], "status": "error", "detail": str(e)})
+    return {"results": results}
+
+
+@router.post("/tokens/refresh")
+async def refresh_tokens(request: Request):
+    """Refresh JWT for selected account IDs."""
+    err = _require_auth(request)
+    if err:
+        return err
+    body = await request.json()
+    ids = body.get("ids", [])
+    ok, fail = 0, 0
+    for aid in ids:
+        acct = await db.get_account_by_id(aid)
+        if not acct:
+            fail += 1
+            continue
+        new_jwt = await pool.refresh_jwt(acct)
+        if new_jwt:
+            ok += 1
+        else:
+            fail += 1
+    return {"refreshed": ok, "failed": fail}
+
+
+@router.post("/tokens/delete")
+async def delete_tokens(request: Request):
+    """Batch delete accounts by IDs."""
+    err = _require_auth(request)
+    if err:
+        return err
+    body = await request.json()
+    ids = body.get("ids", [])
+    if not ids:
+        return {"deleted": 0}
+    count = await db.batch_delete(ids)
+    return {"deleted": count}
+
+
+@router.post("/tokens/toggle")
+async def toggle_tokens(request: Request):
+    """Batch set active status. Body: {ids: [...], active: bool}"""
+    err = _require_auth(request)
+    if err:
+        return err
+    body = await request.json()
+    ids = body.get("ids", [])
+    active = body.get("active", True)
+    if not ids:
+        return {"updated": 0}
+    count = await db.batch_toggle(ids, active)
+    return {"updated": count}
+
+
+@router.post("/tokens/delete-inactive")
+async def delete_inactive(request: Request):
+    err = _require_auth(request)
+    if err:
+        return err
+    count = await db.delete_inactive()
+    return {"deleted": count}
+
+
+# ---------------------------------------------------------------------------
+# Config
+# ---------------------------------------------------------------------------
+
+@router.get("/config")
+async def get_config(request: Request):
+    err = _require_auth(request)
+    if err:
+        return err
+    db_config = await db.get_all_config()
+    return {
+        "api_key": db_config.get("api_key", settings.api_key),
+        "backend": db_config.get("backend", settings.backend),
+        "proxy": db_config.get("proxy", settings.proxy),
+        "poll_interval": db_config.get("poll_interval", str(settings.poll_interval)),
+        "poll_timeout": db_config.get("poll_timeout", str(settings.poll_timeout)),
+        "admin_password": db_config.get("admin_password", settings.admin_password),
+    }
+
+
+@router.post("/config")
+async def update_config(request: Request):
+    err = _require_auth(request)
+    if err:
+        return err
+    body = await request.json()
+    allowed = {"api_key", "backend", "proxy", "poll_interval", "poll_timeout", "admin_password"}
+    saved = []
+    for key, value in body.items():
+        if key in allowed:
+            await db.set_config(key, str(value))
+            if key == "api_key":
+                settings.api_key = str(value)
+            elif key == "backend":
+                settings.backend = str(value)
+            elif key == "proxy":
+                settings.proxy = str(value)
+            elif key == "admin_password":
+                settings.admin_password = str(value)
+            saved.append(key)
+    return {"saved": saved}
+
+
+@router.post("/config/generate-key")
+async def generate_api_key(request: Request):
+    err = _require_auth(request)
+    if err:
+        return err
+    new_key = f"sk-{secrets.token_urlsafe(24)}"
+    await db.set_config("api_key", new_key)
+    settings.api_key = new_key
+    return {"api_key": new_key}

emergent2api/static/admin/config.html

@@ -0,0 +1,112 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1">
+<title>Emergent2API - Config</title>
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;background:#f5f5f5;color:#1a1a1a}
+nav{background:#fff;border-bottom:1px solid #e5e5e5;padding:0 24px;display:flex;align-items:center;height:56px;position:sticky;top:0;z-index:10}
+nav .brand{font-weight:700;font-size:18px;margin-right:32px;color:#4f46e5}
+nav a{text-decoration:none;color:#666;padding:16px 12px;font-size:14px;border-bottom:2px solid transparent;transition:all .2s}
+nav a:hover{color:#1a1a1a}nav a.active{color:#4f46e5;border-bottom-color:#4f46e5;font-weight:600}
+nav .spacer{flex:1}
+nav .logout{color:#ef4444;cursor:pointer;font-size:13px}
+.container{max-width:700px;margin:0 auto;padding:28px 24px}
+.card{background:#fff;border-radius:10px;box-shadow:0 1px 4px rgba(0,0,0,.06);padding:28px;margin-bottom:20px}
+.card h2{font-size:17px;margin-bottom:18px;padding-bottom:10px;border-bottom:1px solid #f0f0f0}
+.field{margin-bottom:18px}
+.field label{display:block;font-size:13px;font-weight:600;color:#555;margin-bottom:6px}
+.field input,.field select{width:100%;padding:10px 14px;border:1px solid #ddd;border-radius:6px;font-size:14px;outline:none;transition:border .2s}
+.field input:focus,.field select:focus{border-color:#4f46e5}
+.field .hint{font-size:11px;color:#aaa;margin-top:4px}
+.row{display:flex;gap:10px;align-items:end}
+.row .field{flex:1}
+.btn{padding:10px 20px;border:none;border-radius:6px;font-size:14px;cursor:pointer;font-weight:500;transition:all .2s}
+.btn-primary{background:#4f46e5;color:#fff}.btn-primary:hover{background:#4338ca}
+.btn-outline{background:#fff;color:#333;border:1px solid #ddd}.btn-outline:hover{background:#f3f4f6}
+.actions{display:flex;gap:10px;justify-content:flex-end;margin-top:6px}
+.toast{position:fixed;bottom:24px;right:24px;background:#1a1a1a;color:#fff;padding:12px 20px;border-radius:8px;font-size:13px;z-index:30;opacity:0;transition:opacity .3s}
+.toast.show{opacity:1}
+</style>
+</head>
+<body>
+<nav>
+  <span class="brand">Emergent2API</span>
+  <a href="/admin/token">Token Management</a>
+  <a href="/admin/config" class="active">Config</a>
+  <a href="/admin/docs">Usage Docs</a>
+  <span class="spacer"></span>
+  <span class="logout" onclick="logout()">Logout</span>
+</nav>
+<div class="container">
+  <div class="card">
+    <h2>API Settings</h2>
+    <div class="row">
+      <div class="field"><label>API Key</label><input id="api_key" placeholder="sk-..."></div>
+      <div style="padding-bottom:18px"><span class="btn btn-outline" onclick="genKey()">Generate</span></div>
+    </div>
+    <div class="field">
+      <label>Backend</label>
+      <select id="backend"><option value="jobs">Jobs API (no IP restriction)</option><option value="integrations">Integrations API (faster, needs US proxy)</option></select>
+    </div>
+    <div class="field"><label>Proxy</label><input id="proxy" placeholder="http://user:pass@host:port"><div class="hint">Required for Integrations backend; optional for Jobs</div></div>
+    <div class="row">
+      <div class="field"><label>Poll Interval (s)</label><input id="poll_interval" type="number" min="1"></div>
+      <div class="field"><label>Poll Timeout (s)</label><input id="poll_timeout" type="number" min="10"></div>
+    </div>
+  </div>
+  <div class="card">
+    <h2>Admin Settings</h2>
+    <div class="field"><label>Admin Password</label><input id="admin_password" type="password"></div>
+  </div>
+  <div class="actions">
+    <span class="btn btn-outline" onclick="load()">Reset</span>
+    <span class="btn btn-primary" onclick="save()">Save Changes</span>
+  </div>
+</div>
+<div class="toast" id="toast"></div>
+<script>
+const API='/v1/admin';
+function toast(msg,dur=3000){const t=document.getElementById('toast');t.textContent=msg;t.classList.add('show');setTimeout(()=>t.classList.remove('show'),dur)}
+
+async function api(path,opts={}){
+  const r=await fetch(API+path,opts);
+  if(r.status===401){window.location.href='/admin/login';return null}
+  return r;
+}
+
+async function load(){
+  const r=await api('/config');if(!r)return;
+  const d=await r.json();
+  document.getElementById('api_key').value=d.api_key||'';
+  document.getElementById('backend').value=d.backend||'jobs';
+  document.getElementById('proxy').value=d.proxy||'';
+  document.getElementById('poll_interval').value=d.poll_interval||'5';
+  document.getElementById('poll_timeout').value=d.poll_timeout||'120';
+  document.getElementById('admin_password').value=d.admin_password||'';
+}
+
+async function save(){
+  const body={
+    api_key:document.getElementById('api_key').value,
+    backend:document.getElementById('backend').value,
+    proxy:document.getElementById('proxy').value,
+    poll_interval:document.getElementById('poll_interval').value,
+    poll_timeout:document.getElementById('poll_timeout').value,
+    admin_password:document.getElementById('admin_password').value,
+  };
+  const r=await api('/config',{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify(body)});
+  if(r){const d=await r.json();toast(`Saved: ${d.saved.join(', ')}`)}
+}
+
+async function genKey(){
+  const r=await api('/config/generate-key',{method:'POST'});
+  if(r){const d=await r.json();document.getElementById('api_key').value=d.api_key;toast('New key generated')}
+}
+
+async function logout(){await api('/logout',{method:'POST'});window.location.href='/admin/login'}
+load();
+</script>
+</body>
+</html>

emergent2api/static/admin/docs.html

@@ -0,0 +1,145 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1">
+<title>Emergent2API - Usage Docs</title>
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;background:#f5f5f5;color:#1a1a1a}
+nav{background:#fff;border-bottom:1px solid #e5e5e5;padding:0 24px;display:flex;align-items:center;height:56px;position:sticky;top:0;z-index:10}
+nav .brand{font-weight:700;font-size:18px;margin-right:32px;color:#4f46e5}
+nav a{text-decoration:none;color:#666;padding:16px 12px;font-size:14px;border-bottom:2px solid transparent;transition:all .2s}
+nav a:hover{color:#1a1a1a}nav a.active{color:#4f46e5;border-bottom-color:#4f46e5;font-weight:600}
+nav .spacer{flex:1}
+nav .logout{color:#ef4444;cursor:pointer;font-size:13px}
+.container{max-width:800px;margin:0 auto;padding:28px 24px}
+.card{background:#fff;border-radius:10px;box-shadow:0 1px 4px rgba(0,0,0,.06);padding:28px;margin-bottom:20px}
+.card h2{font-size:17px;margin-bottom:14px;color:#4f46e5}
+.card h3{font-size:14px;margin:16px 0 8px;color:#333}
+p{font-size:14px;line-height:1.6;color:#555;margin-bottom:8px}
+pre{background:#1a1a2e;color:#e2e8f0;padding:16px;border-radius:8px;overflow-x:auto;font-size:12px;line-height:1.5;margin:8px 0 14px}
+code{font-family:'SFMono-Regular',Consolas,monospace;font-size:12px}
+.inline-code{background:#f1f5f9;padding:2px 6px;border-radius:4px;color:#4f46e5;font-size:13px}
+table{width:100%;border-collapse:collapse;margin:8px 0 14px;font-size:13px}
+th{text-align:left;padding:8px 12px;background:#f9fafb;color:#888;font-weight:600;border-bottom:1px solid #eee}
+td{padding:8px 12px;border-bottom:1px solid #f3f3f3}
+td code{background:#f1f5f9;padding:1px 4px;border-radius:3px}
+</style>
+</head>
+<body>
+<nav>
+  <span class="brand">Emergent2API</span>
+  <a href="/admin/token">Token Management</a>
+  <a href="/admin/config">Config</a>
+  <a href="/admin/docs" class="active">Usage Docs</a>
+  <span class="spacer"></span>
+  <span class="logout" onclick="logout()">Logout</span>
+</nav>
+<div class="container">
+
+<div class="card">
+<h2>Quick Start</h2>
+<p>Emergent2API exposes Emergent.sh accounts as standard OpenAI and Anthropic-compatible API endpoints. Use your configured API key in the <span class="inline-code">Authorization</span> header.</p>
+<pre>Base URL: https://&lt;your-host&gt;/v1
+API Key:  sk-6loA0HwMQP1mdhPvI  (default, changeable in Config)</pre>
+</div>
+
+<div class="card">
+<h2>Available Models</h2>
+<table>
+<tr><th>Model ID</th><th>Description</th></tr>
+<tr><td><code>claude-opus-4-6</code></td><td>Claude Opus 4.6 (full, uncapped)</td></tr>
+<tr><td><code>claude-sonnet-4-5</code></td><td>Claude Sonnet 4.5</td></tr>
+<tr><td><code>claude-sonnet-4-5-thinking</code></td><td>Claude Sonnet 4.5 with extended thinking</td></tr>
+</table>
+</div>
+
+<div class="card">
+<h2>API Endpoints</h2>
+<table>
+<tr><th>Method</th><th>Endpoint</th><th>Format</th></tr>
+<tr><td>POST</td><td><code>/v1/chat/completions</code></td><td>OpenAI Chat Completions</td></tr>
+<tr><td>POST</td><td><code>/v1/messages</code></td><td>Anthropic Messages</td></tr>
+<tr><td>POST</td><td><code>/v1/responses</code></td><td>OpenAI Response API</td></tr>
+<tr><td>GET</td><td><code>/v1/models</code></td><td>Model list</td></tr>
+</table>
+</div>
+
+<div class="card">
+<h2>Examples</h2>
+
+<h3>OpenAI Chat (curl)</h3>
+<pre>curl -X POST https://your-host/v1/chat/completions \
+  -H "Authorization: Bearer sk-6loA0HwMQP1mdhPvI" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "model": "claude-opus-4-6",
+    "messages": [
+      {"role": "user", "content": "Hello!"}
+    ],
+    "stream": true
+  }'</pre>
+
+<h3>Anthropic Messages (curl)</h3>
+<pre>curl -X POST https://your-host/v1/messages \
+  -H "x-api-key: sk-6loA0HwMQP1mdhPvI" \
+  -H "Content-Type: application/json" \
+  -H "anthropic-version: 2023-06-01" \
+  -d '{
+    "model": "claude-opus-4-6",
+    "max_tokens": 1024,
+    "messages": [
+      {"role": "user", "content": "Hello!"}
+    ]
+  }'</pre>
+
+<h3>Python (OpenAI SDK)</h3>
+<pre>from openai import OpenAI
+
+client = OpenAI(
+    api_key="sk-6loA0HwMQP1mdhPvI",
+    base_url="https://your-host/v1"
+)
+
+response = client.chat.completions.create(
+    model="claude-opus-4-6",
+    messages=[{"role": "user", "content": "Hello!"}],
+    stream=True
+)
+for chunk in response:
+    print(chunk.choices[0].delta.content or "", end="")</pre>
+</div>
+
+<div class="card">
+<h2>CherryStudio Configuration</h2>
+<p>1. Open CherryStudio → Settings → Model Provider → Add Custom Provider</p>
+<p>2. Set the following:</p>
+<table>
+<tr><th>Field</th><th>Value</th></tr>
+<tr><td>Base URL</td><td><code>https://your-host/v1</code></td></tr>
+<tr><td>API Key</td><td><code>sk-6loA0HwMQP1mdhPvI</code></td></tr>
+<tr><td>Model</td><td><code>claude-opus-4-6</code></td></tr>
+</table>
+<p>3. Enable "Stream" mode for real-time responses.</p>
+</div>
+
+<div class="card">
+<h2>Batch Import via CLI</h2>
+<p>Import accounts from a zip artifact (produced by GitHub Actions):</p>
+<pre>curl -X POST https://your-host/v1/admin/tokens/import-zip \
+  -H "Cookie: emergent_admin_session=YOUR_SESSION" \
+  -H "Content-Type: application/octet-stream" \
+  --data-binary @0316Emergent.zip</pre>
+<p>Or import JSONL text directly:</p>
+<pre>curl -X POST https://your-host/v1/admin/tokens/import \
+  -H "Cookie: emergent_admin_session=YOUR_SESSION" \
+  -H "Content-Type: application/json" \
+  -d '{"jsonl": "{\"email\":\"a@b.com\",\"password\":\"p\",\"jwt\":\"j\"}\n..."}'</pre>
+</div>
+
+</div>
+<script>
+async function logout(){await fetch('/v1/admin/logout',{method:'POST'});window.location.href='/admin/login'}
+</script>
+</body>
+</html>

emergent2api/static/admin/login.html

@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1">
+<title>Emergent2API - Login</title>
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;background:#f5f5f5;display:flex;align-items:center;justify-content:center;min-height:100vh}
+.card{background:#fff;border-radius:12px;box-shadow:0 2px 12px rgba(0,0,0,.08);padding:40px;width:380px;text-align:center}
+.card h1{font-size:22px;margin-bottom:6px;color:#1a1a1a}
+.card p{color:#888;font-size:14px;margin-bottom:28px}
+input{width:100%;padding:12px 16px;border:1px solid #ddd;border-radius:8px;font-size:15px;outline:none;transition:border .2s}
+input:focus{border-color:#4f46e5}
+button{width:100%;padding:12px;background:#4f46e5;color:#fff;border:none;border-radius:8px;font-size:15px;cursor:pointer;margin-top:16px;transition:background .2s}
+button:hover{background:#4338ca}
+.err{color:#ef4444;font-size:13px;margin-top:12px;display:none}
+</style>
+</head>
+<body>
+<div class="card">
+  <h1>Emergent2API</h1>
+  <p>Admin Panel Login</p>
+  <input type="password" id="pwd" placeholder="Admin Password" autofocus>
+  <button onclick="doLogin()">Login</button>
+  <div class="err" id="err">Invalid password</div>
+</div>
+<script>
+const API='/v1/admin';
+document.getElementById('pwd').addEventListener('keydown',e=>{if(e.key==='Enter')doLogin()});
+async function doLogin(){
+  const pwd=document.getElementById('pwd').value;
+  try{
+    const r=await fetch(API+'/login',{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify({password:pwd})});
+    if(r.ok){window.location.href='/admin/token'}
+    else{document.getElementById('err').style.display='block'}
+  }catch(e){document.getElementById('err').style.display='block'}
+}
+</script>
+</body>
+</html>

emergent2api/static/admin/token.html

@@ -0,0 +1,204 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1">
+<title>Emergent2API - Token Management</title>
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;background:#f5f5f5;color:#1a1a1a}
+nav{background:#fff;border-bottom:1px solid #e5e5e5;padding:0 24px;display:flex;align-items:center;height:56px;position:sticky;top:0;z-index:10}
+nav .brand{font-weight:700;font-size:18px;margin-right:32px;color:#4f46e5}
+nav a{text-decoration:none;color:#666;padding:16px 12px;font-size:14px;border-bottom:2px solid transparent;transition:all .2s}
+nav a:hover{color:#1a1a1a}nav a.active{color:#4f46e5;border-bottom-color:#4f46e5;font-weight:600}
+nav .spacer{flex:1}
+nav .logout{color:#ef4444;cursor:pointer;font-size:13px}
+.container{max-width:1200px;margin:0 auto;padding:20px 24px}
+.toolbar{display:flex;gap:10px;margin-bottom:16px;flex-wrap:wrap;align-items:center}
+.toolbar select,.toolbar input{padding:8px 12px;border:1px solid #ddd;border-radius:6px;font-size:13px;background:#fff}
+.btn{padding:8px 16px;border:none;border-radius:6px;font-size:13px;cursor:pointer;font-weight:500;transition:all .2s}
+.btn-primary{background:#4f46e5;color:#fff}.btn-primary:hover{background:#4338ca}
+.btn-danger{background:#ef4444;color:#fff}.btn-danger:hover{background:#dc2626}
+.btn-warning{background:#f59e0b;color:#fff}.btn-warning:hover{background:#d97706}
+.btn-success{background:#10b981;color:#fff}.btn-success:hover{background:#059669}
+.btn-outline{background:#fff;color:#333;border:1px solid #ddd}.btn-outline:hover{background:#f3f4f6}
+.stats{display:flex;gap:16px;margin-bottom:16px}
+.stat{background:#fff;border-radius:8px;padding:16px 20px;box-shadow:0 1px 4px rgba(0,0,0,.06);flex:1}
+.stat .num{font-size:28px;font-weight:700;color:#4f46e5}.stat .label{font-size:12px;color:#888;margin-top:4px}
+table{width:100%;border-collapse:collapse;background:#fff;border-radius:8px;overflow:hidden;box-shadow:0 1px 4px rgba(0,0,0,.06)}
+th{text-align:left;padding:10px 14px;font-size:12px;color:#888;background:#fafafa;font-weight:600;border-bottom:1px solid #eee}
+td{padding:10px 14px;font-size:13px;border-bottom:1px solid #f3f3f3}
+tr:hover td{background:#fafafe}
+.badge{padding:2px 8px;border-radius:10px;font-size:11px;font-weight:600}
+.badge-ok{background:#d1fae5;color:#059669}.badge-off{background:#fee2e2;color:#ef4444}
+.modal{display:none;position:fixed;top:0;left:0;width:100%;height:100%;background:rgba(0,0,0,.4);z-index:20;align-items:center;justify-content:center}
+.modal.open{display:flex}
+.modal-box{background:#fff;border-radius:12px;padding:28px;width:520px;max-height:80vh;overflow-y:auto;box-shadow:0 8px 30px rgba(0,0,0,.15)}
+.modal-box h3{margin-bottom:14px;font-size:17px}
+textarea{width:100%;height:200px;padding:10px;border:1px solid #ddd;border-radius:6px;font-size:12px;font-family:monospace;resize:vertical}
+.modal-actions{display:flex;gap:8px;justify-content:flex-end;margin-top:14px}
+input[type="checkbox"]{width:16px;height:16px;cursor:pointer}
+.toast{position:fixed;bottom:24px;right:24px;background:#1a1a1a;color:#fff;padding:12px 20px;border-radius:8px;font-size:13px;z-index:30;opacity:0;transition:opacity .3s}
+.toast.show{opacity:1}
+</style>
+</head>
+<body>
+<nav>
+  <span class="brand">Emergent2API</span>
+  <a href="/admin/token" class="active">Token Management</a>
+  <a href="/admin/config">Config</a>
+  <a href="/admin/docs">Usage Docs</a>
+  <span class="spacer"></span>
+  <span class="logout" onclick="logout()">Logout</span>
+</nav>
+<div class="container">
+  <div class="stats">
+    <div class="stat"><div class="num" id="s-total">-</div><div class="label">Total Tokens</div></div>
+    <div class="stat"><div class="num" id="s-active">-</div><div class="label">Active</div></div>
+    <div class="stat"><div class="num" id="s-inactive">-</div><div class="label">Inactive</div></div>
+  </div>
+  <div class="toolbar">
+    <select id="filter" onchange="render()">
+      <option value="all">All</option>
+      <option value="active">Active</option>
+      <option value="inactive">Inactive</option>
+    </select>
+    <span class="btn btn-outline" onclick="selectAll()">Select All</span>
+    <span class="btn btn-outline" onclick="selectNone()">Deselect All</span>
+    <span style="flex:1"></span>
+    <span class="btn btn-primary" onclick="openImport()">Import</span>
+    <span class="btn btn-outline" onclick="doExport()">Export</span>
+    <span class="btn btn-success" onclick="batchAction('test')">Test Selected</span>
+    <span class="btn btn-warning" onclick="batchAction('refresh')">Refresh JWT</span>
+    <span class="btn btn-danger" onclick="batchAction('delete')">Delete Selected</span>
+    <span class="btn btn-danger" onclick="deleteInactive()">Delete Inactive</span>
+  </div>
+  <table>
+    <thead><tr>
+      <th><input type="checkbox" id="chk-all" onchange="toggleAll(this.checked)"></th>
+      <th>ID</th><th>Email</th><th>Balance</th><th>Status</th><th>Last Used</th><th>Created</th><th>Actions</th>
+    </tr></thead>
+    <tbody id="tbody"></tbody>
+  </table>
+</div>
+
+<div class="modal" id="modal-import">
+  <div class="modal-box">
+    <h3>Import Accounts</h3>
+    <p style="font-size:13px;color:#888;margin-bottom:10px">Paste JSONL data (one account per line: email, password, jwt required)</p>
+    <textarea id="import-text" placeholder='{"email":"...","password":"...","jwt":"..."}'></textarea>
+    <p style="font-size:12px;color:#888;margin-top:8px">Or upload a .zip file containing accounts.jsonl:</p>
+    <input type="file" id="import-file" accept=".zip" style="margin-top:6px">
+    <div class="modal-actions">
+      <span class="btn btn-outline" onclick="closeImport()">Cancel</span>
+      <span class="btn btn-primary" onclick="doImportText()">Import JSONL</span>
+      <span class="btn btn-primary" onclick="doImportZip()">Import Zip</span>
+    </div>
+  </div>
+</div>
+
+<div class="toast" id="toast"></div>
+
+<script>
+const API='/v1/admin';
+let tokens=[];let selected=new Set();
+
+async function api(path,opts={}){
+  const r=await fetch(API+path,opts);
+  if(r.status===401){window.location.href='/admin/login';return null}
+  return r;
+}
+
+function toast(msg,dur=3000){const t=document.getElementById('toast');t.textContent=msg;t.classList.add('show');setTimeout(()=>t.classList.remove('show'),dur)}
+
+async function load(){
+  const r=await api('/tokens');if(!r)return;
+  const d=await r.json();
+  tokens=d.tokens||[];
+  document.getElementById('s-total').textContent=d.total;
+  document.getElementById('s-active').textContent=d.active;
+  document.getElementById('s-inactive').textContent=d.total-d.active;
+  render();
+}
+
+function render(){
+  const f=document.getElementById('filter').value;
+  const tbody=document.getElementById('tbody');
+  let rows=tokens;
+  if(f==='active')rows=rows.filter(t=>t.is_active);
+  else if(f==='inactive')rows=rows.filter(t=>!t.is_active);
+  tbody.innerHTML=rows.map(t=>`<tr>
+    <td><input type="checkbox" class="row-chk" data-id="${t.id}" ${selected.has(t.id)?'checked':''} onchange="toggleSel(${t.id},this.checked)"></td>
+    <td>${t.id}</td>
+    <td style="font-family:monospace;font-size:12px">${t.email}</td>
+    <td>${t.balance!=null?'$'+t.balance.toFixed(2):'-'}</td>
+    <td><span class="badge ${t.is_active?'badge-ok':'badge-off'}">${t.is_active?'Active':'Inactive'}</span></td>
+    <td style="font-size:12px;color:#888">${t.last_used?new Date(t.last_used).toLocaleString():'-'}</td>
+    <td style="font-size:12px;color:#888">${t.created_at?new Date(t.created_at).toLocaleDateString():'-'}</td>
+    <td>
+      <span class="btn btn-outline" style="padding:4px 8px;font-size:11px" onclick="toggleOne(${t.id})">${t.is_active?'Disable':'Enable'}</span>
+    </td>
+  </tr>`).join('');
+}
+
+function toggleSel(id,c){if(c)selected.add(id);else selected.delete(id)}
+function selectAll(){tokens.forEach(t=>selected.add(t.id));render()}
+function selectNone(){selected.clear();render()}
+function toggleAll(c){if(c)selectAll();else selectNone()}
+
+async function toggleOne(id){
+  await api('/tokens/toggle',{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify({ids:[id],active:!tokens.find(t=>t.id===id)?.is_active})});
+  load();
+}
+
+async function batchAction(action){
+  const ids=[...selected];
+  if(!ids.length){toast('Select accounts first');return}
+  if(action==='delete'&&!confirm(`Delete ${ids.length} accounts?`))return;
+  const endpoint=`/tokens/${action}`;
+  toast(`Processing ${ids.length} accounts...`);
+  const r=await api(endpoint,{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify({ids})});
+  if(r){const d=await r.json();toast(JSON.stringify(d))}
+  selected.clear();load();
+}
+
+async function deleteInactive(){
+  if(!confirm('Delete all inactive accounts?'))return;
+  const r=await api('/tokens/delete-inactive',{method:'POST'});
+  if(r){const d=await r.json();toast(`Deleted ${d.deleted} inactive accounts`)}
+  load();
+}
+
+function openImport(){document.getElementById('modal-import').classList.add('open')}
+function closeImport(){document.getElementById('modal-import').classList.remove('open')}
+
+async function doImportText(){
+  const text=document.getElementById('import-text').value.trim();
+  if(!text){toast('Paste JSONL data first');return}
+  const r=await api('/tokens/import',{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify({jsonl:text})});
+  if(r){const d=await r.json();toast(`Imported ${d.imported} accounts`+(d.errors.length?`, ${d.errors.length} errors`:''));closeImport();load()}
+}
+
+async function doImportZip(){
+  const f=document.getElementById('import-file').files[0];
+  if(!f){toast('Select a zip file');return}
+  const buf=await f.arrayBuffer();
+  const r=await api('/tokens/import-zip',{method:'POST',headers:{'Content-Type':'application/octet-stream'},body:buf});
+  if(r){const d=await r.json();toast(`Imported ${d.imported} accounts`);closeImport();load()}
+}
+
+async function doExport(){
+  const r=await api('/tokens/export');
+  if(!r)return;
+  const blob=await r.blob();
+  const a=document.createElement('a');a.href=URL.createObjectURL(blob);a.download='emergent_accounts.zip';a.click();
+}
+
+async function logout(){
+  await api('/logout',{method:'POST'});
+  window.location.href='/admin/login';
+}
+
+load();
+</script>
+</body>
+</html>