Merge pull request #123 from sdcb/feature/1.10.2

Feature/1.10.2

Author: sdcb

AzureFileMigrator/AzureFileMigrator.csproj

@@ -9,7 +9,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="10.0.0" />
+    <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="10.0.3" />
   </ItemGroup>
 
   <ItemGroup>

README.md

@@ -17,16 +17,16 @@ Sdcb Chats 是一个强大且灵活的大语言模型前端，支持 21+ 主流
 
 <img alt="chats" src="https://github.com/user-attachments/assets/106ece3f-d94d-460e-9313-4a01f624a647" />
 
-## 🆕 最新版本（1.10.1）
+## 🆕 最新版本（1.10.2）
 
-- 📅 发布日期：2026-02-15
-- 🐳 沙箱管理器增强：环境变量管理、会话信息卡片、文件管理与编辑体验升级
-- ⚡ 性能改进：高频接口支持服务端 ETag 缓存与 304，移除前端聊天列表本地缓存
-- 🗺️ 交互优化：新增 ChatMiniMap 导航，滚动控制从输入框迁移
-- 🔐 安全与可用性：API Key 创建后一次性展示完整 Key，列表默认脱敏
-- 📦 Code Interpreter 镜像流水线升级：支持构建运行号标识、预装 ripgrep、非 main 分支发布 latest manifest
+- 📅 发布日期：2026-03-10
+- 🔍 Request Trace：新增入站/出站 HTTP 请求全链路追踪，记录关键时间点、状态码、异常和正文与原始数据
+- 🧑‍💼 管理后台：新增请求跟踪工作台，支持筛选、详情查看、原始下载、双记录对比、Excel 导出和按筛选删除
+- ⚙️ 采集治理：支持采样率、include/exclude 规则、URL 参数脱敏、保留周期和热刷新
+- ♻️ 生命周期管理：新增队列容量保护与定时自动清理，降低持续采集对业务链路的干扰
+- 🛠️ 其它改进：统计卡片按时间范围统计，长用户消息支持折叠，Anthropic 协议兼容性继续改进
 
-👉 [查看 1.10.1 发布说明](./doc/zh-CN/release-notes/1.10.1.md) · [查看全部版本](./doc/zh-CN/release-notes/README.md)
+👉 [查看 1.10.2 发布说明](./doc/zh-CN/release-notes/1.10.2.md) · [查看全部版本](./doc/zh-CN/release-notes/README.md)
 
 ## 快速开始
 

README_EN.md

@@ -17,16 +17,16 @@ Sdcb Chats is a powerful and flexible frontend for large language models, suppor
 
 <img alt="chats-en" src="https://github.com/user-attachments/assets/40d2376e-58a0-4309-a2f5-5ed8262a0c2e" />
 
-## 🆕 Latest Release (1.10.1)
+## 🆕 Latest Release (1.10.2)
 
-- 📅 Release Date: 2026-02-15
-- 🐳 Sandbox Manager upgrades: environment variable management, richer session info, improved file manager and editor flows
-- ⚡ Performance: high-frequency APIs now use server-side ETag caching with 304 handling; frontend chat list local cache removed
-- 🗺️ UX: new ChatMiniMap navigation and scroll controls moved out of ChatInput
-- 🔐 Security & usability: API keys show full value once at creation and stay masked in list views
-- 📦 Code Interpreter image pipeline updates: run-version marker, preinstalled ripgrep, and latest manifest publishing on non-main branches
+- 📅 Release Date: 2026-03-10
+- 🔍 Request Trace: adds end-to-end inbound and outbound HTTP tracing with timing points, status codes, errors, body capture, and raw payload storage
+- 🧑‍💼 Admin workspace: adds a dedicated request trace page with filtering, details, raw downloads, compare view, Excel export, and bulk delete by filters
+- ⚙️ Trace governance: adds sampling, include/exclude rules, URL parameter redaction, retention policies, and hot-refreshable configuration
+- ♻️ Lifecycle management: adds bounded queue protection and scheduled cleanup to reduce long-running trace pressure
+- 🛠️ Other improvements: dashboard summary cards now follow the selected time range, long user messages can collapse, and Anthropic compatibility is improved further
 
-👉 [View 1.10.1 Release Notes](./doc/en-US/release-notes/1.10.1.md) · [View All Releases](./doc/en-US/release-notes/README.md)
+👉 [View 1.10.2 Release Notes](./doc/en-US/release-notes/1.10.2.md) · [View All Releases](./doc/en-US/release-notes/README.md)
 
 ## Quick Start
 

doc/en-US/configuration.md

@@ -39,6 +39,8 @@ Chats reads configuration based on the .NET configuration system, with priority
 | [`CodeInterpreter:MaxArtifactsFilesToUpload`](#69-codeinterpretermaxartifactsfilestoupload)                                      | `50`                                    | Max files to upload per turn                  |
 | [`CodeInterpreter:MaxSingleUploadBytes`](#610-codeinterpretermaxsingleuploadbytes)                                               | `157286400`                             | 150MB, single file limit                      |
 | [`CodeInterpreter:MaxTotalUploadBytesPerTurn`](#611-codeinterpretermaxtotaluploadbytesperturn)                                   | `314572800`                             | 300MB, total limit per turn                   |
+| [`RequestTraceQueue:Capacity`](#91-requesttracequeuecapacity)                                                                    | `1000`                                  | Request trace in-memory queue capacity        |
+| [`RequestTraceCleanup:Enabled`](#92-requesttracecleanupenabled)                                                                  | `true`                                  | Controls whether scheduled auto-delete runs   |
 | [`JwtValidPeriod`](#71-jwtvalidperiod)                                                                                           | `1.00:00:00`                            | 1 day, JWT validity period                    |
 | [`JwtSecretKey`](#72-jwtsecretkey)                                                                                               | `null`                                  | Recommended to set stable key in production   |
 | [`Chat:Retry429Times`](#81-chatretry429times)                                                                                    | `5`                                     | HTTP 429 retry count                          |
@@ -356,3 +358,32 @@ The `CodeInterpreter` configuration group controls: the default sandbox image to
 
 - **Environment variable syntax**: `Chat__Retry429Times=5`
 - **Command-line syntax**: `--Chat:Retry429Times=5`
+
+---
+
+## 9. Request Trace
+
+### 9.1 `RequestTraceQueue:Capacity`
+
+- **Type**: Integer
+- **Default**: `1000`
+- **Purpose**: Limits the in-memory bounded channel capacity used by request trace queue.
+- **Behavior**:
+  - Uses `DropWrite` mode when queue is full.
+  - If set to `<= 0`, the service falls back to `1000`.
+
+- **Environment variable syntax**: `RequestTraceQueue__Capacity=1000`
+- **Command-line syntax**: `--RequestTraceQueue:Capacity=1000`
+
+### 9.2 `RequestTraceCleanup:Enabled`
+
+- **Type**: Boolean
+- **Default**: `true`
+- **Purpose**: Controls whether the RequestTrace scheduled auto-delete background task is enabled.
+- **Behavior**:
+  - When enabled, the background service runs every 30 minutes.
+  - Each run deletes RequestTrace rows where `ScheduledDeleteAt <= current UTC time` (using `ExecuteDeleteAsync`).
+  - When disabled, scheduled auto-delete is skipped.
+
+- **Environment variable syntax**: `RequestTraceCleanup__Enabled=true`
+- **Command-line syntax**: `--RequestTraceCleanup:Enabled=true`

doc/en-US/release-notes/1.10.2.md

@@ -0,0 +1,81 @@
+<!-- Language: en-US -->
+<p><a href="./README.md">📋 All Versions</a> <span style="float:right"><b>English</b> | <a href="../../zh-CN/release-notes/1.10.2.md">简体中文</a></span></p>
+
+# Chats 1.10.2 Release Notes
+
+> Release Date: 2026-03-10 (47 commits since main)
+
+1.10.2 is an observability-focused release centered on **Request Trace**. It introduces **inbound and outbound HTTP request tracing**, a new **admin request trace workspace**, and **configurable sampling, filtering, redaction, and retention policies**, together with export, compare, bulk delete, and scheduled cleanup support. It also includes a small set of admin dashboard, message UX, and Anthropic compatibility improvements.
+
+## 🎯 Core Features
+
+### 1) Request Trace: end-to-end inbound and outbound HTTP tracing
+
+- 🔍 **Two-way capture**: adds `InboundRequestTraceMiddleware` and `OutboundRequestTraceHandler` to trace both inbound user requests and outbound service-to-service HTTP calls.
+- 🧭 **Trace metadata**: records `TraceId`, user, source, HTTP method, full URL, status code, error type, and key timestamps for request start, request body completion, response header completion, and response body completion.
+- 📦 **Body and raw payload capture**: stores request/response headers, text bodies, raw binary payloads, and body length statistics for troubleshooting encoding, compression, and gateway passthrough issues.
+- 🔗 **Broader backend coverage**: request tracing is wired into multiple outbound HTTP call paths, making it easier to correlate upstream requests with downstream dependency behavior.
+
+### 2) New admin request trace workspace
+
+- 🧑‍💼 **Dedicated admin page**: adds `/admin/request-trace` to the admin navigation for centralized trace inspection.
+- 🔎 **Advanced filtering**: supports filtering by time range, URL, TraceId, username, and direction, with query state preserved in the URL for refresh and sharing.
+- 🧱 **24 selectable columns**: allows per-scenario column selection and persists visible columns in URL query parameters.
+- 👀 **Details and downloads**: each trace supports full request/response header and body inspection, `.dump` export, and raw request/response binary downloads, with explicit guidance when the response body is binary-only.
+- 🆚 **Two-trace compare**: supports side-by-side comparison for two selected traces, with an option to hide identical fields.
+- 📤 **Export and cleanup**: supports Excel export for the current filter set (up to 10000 rows) and bulk deletion by current filters.
+
+### 3) Configurable capture rules, redaction, and retention
+
+- ⚙️ **Independent inbound/outbound config**: inbound and outbound tracing can be enabled and tuned separately for sample rate, minimum duration, header/body capture, and retention days.
+- 🎯 **Include/exclude filters**: supports include and exclude rules by source, URL patterns, HTTP methods, and status codes, with quick presets for common gateway scenarios.
+- 🕶️ **Redaction improvements**: adds configurable URL parameter redaction and improves default redaction ordering to reduce the risk of sensitive values being stored.
+- ♻️ **Hot refresh**: trace configuration is stored in the database config table and refreshed by a background service without requiring a restart.
+
+## 🏗️ Architecture & Engineering
+
+### 1) Persistence and lifecycle management
+
+- 🗄️ **Two-table storage model**: adds `RequestTrace` and `RequestTracePayload`, separating metadata from large payload content and keeping them consistent through cascading delete.
+- 📇 **Indexes and scheduled cleanup**: adds indexes on `StartedAt`, `UserId`, `TraceId`, and `ScheduledDeleteAt`; scheduled cleanup runs every 30 minutes to remove expired traces.
+- 🚦 **Queue protection**: adds `RequestTraceQueue:Capacity` and uses a bounded in-memory queue with `DropWrite` behavior to protect the main request path under pressure.
+- 🧵 **Async persistence**: tracing persistence is queue-based and asynchronous, reducing synchronous I/O pressure while keeping multi-stage timing and exception capture intact.
+
+### 2) Stability refinements for the tracing pipeline
+
+- 🧪 **Edge-case test coverage**: adds unit tests for `CaptureStreams`, `ObservedHttpContent`, `RequestTraceHelper`, `RequestTracePersistService`, and `RequestTraceQueue`.
+- 🛡️ **Stability fixes**: fixes missing 401 inbound traces, empty-pattern matching, details dialog overflow, redundant payload deletion, and binary/JSON presentation issues.
+- 🧰 **Config capacity**: expands `Config.Value` to `NVARCHAR(MAX)` so larger JSON trace configs can be stored safely.
+
+## 🎨 Other Improvements
+
+### Admin dashboard and message UX
+
+- 📊 **Dashboard summary cards**: admin summary cards now compute chat count and active users based on the currently selected time range.
+- ✂️ **User message collapse**: long user messages can now collapse inside the message bubble with an approximately 5.5-line preview.
+- 🧠 **Thinking display refinement**: removes the fixed max-height cap from `ThinkingMessage` expansion so long reasoning content behaves more naturally.
+
+### Protocol compatibility and dependency updates
+
+- 🔧 **Anthropic compatibility fixes**: fixes lost tool results during Anthropic message conversion (#122) and improves thinking signature compatibility for the DeepSeek Anthropic protocol path.
+- 🔤 **Readable MCP JSON**: preserves readable Unicode when fetching MCP tool input schemas instead of over-escaping JSON.
+- ⬆️ **Frontend dependency update**: upgrades the frontend to `Next.js 16.1.6` and aligns related browser compatibility dependencies.
+
+## 🐛 Stability Fixes
+
+- Fixes Request Trace default redaction ordering and field ordering issues.
+- Fixes request/response capture timing so traces can start earlier and body capture becomes more complete.
+- Fixes scrolling and overflow behavior in the Request Trace details dialog for long headers and long bodies.
+- Simplifies the include/exclude rule organization in the trace config dialog to reduce configuration friction.
+
+## ⬆️ Upgrade Notes
+
+- Run DB migration: `src/scripts/db-migration/1.10/1.10.2.sql`
+  - Adds the `RequestTrace` main table and the `RequestTracePayload` payload table
+  - Adds indexes for `StartedAt`, `UserId`, `TraceId`, and `ScheduledDeleteAt`
+  - Expands `Config.Value` to `NVARCHAR(MAX)` to support larger JSON configuration payloads
+- New config keys:
+  - `RequestTraceQueue:Capacity`: controls the in-memory request trace queue capacity, default `1000`
+  - `RequestTraceCleanup:Enabled`: controls scheduled auto-cleanup, default `true`
+- Upgrading does not automatically enable Request Trace for all traffic; the actual capture scope still depends on the inbound/outbound tracing rules, sample rate, and retention policy configured by the admin.
+- If you plan to enable request tracing in a high-concurrency environment, set sample rate, URL filters, and retention days first to avoid unnecessary database write and storage pressure.

doc/en-US/release-notes/README.md

@@ -7,7 +7,21 @@ This page indexes all major version release notes for the Chats project, from th
 
 ---
 
-## [1.10.1](1.10.1.md) - 2026-02-15 ⭐ Latest Release
+## [1.10.2](1.10.2.md) - 2026-03-10 ⭐ Latest Release
+
+**Core Highlights**: Request Trace end-to-end tracing · Admin request trace workspace · Sampling/filtering/redaction/retention policies · Export, compare, and scheduled cleanup · Small UX and compatibility improvements
+
+- 🔍 **Request Trace**: adds inbound and outbound HTTP request tracing with timing points, status codes, errors, body capture, and raw payload downloads
+- 🧑‍💼 **Admin Workspace**: adds a dedicated request trace page with filters, 24-column customization, details, raw downloads, two-trace compare, Excel export, and bulk delete by filters
+- ⚙️ **Trace Governance**: supports separate inbound/outbound settings, sample rate, include/exclude filters, URL parameter redaction, and retention policies
+- ♻️ **Lifecycle Management**: adds bounded queue protection and scheduled cleanup to reduce long-running trace storage pressure
+- 🛠️ **Other Improvements**: updates dashboard summary card metrics, adds long user message collapse, and improves Anthropic protocol compatibility
+
+[View Full Release Notes →](1.10.2.md)
+
+---
+
+## [1.10.1](1.10.1.md) - 2026-02-15
 
 **Core Highlights**: Sandbox Manager Enhancements · Server-side ETag Caching · ChatMiniMap Navigation · API Key Management Upgrades · Code Interpreter Image Pipeline Updates
 

doc/zh-CN/configuration.md

@@ -41,6 +41,8 @@ Chats 基于 .NET 配置系统读取配置，优先级从高到低为：
 | [`CodeInterpreter:MaxArtifactsFilesToUpload`](#69-codeinterpretermaxartifactsfilestoupload)                                      | `50`                                    | 每轮最多上传文件数          |
 | [`CodeInterpreter:MaxSingleUploadBytes`](#610-codeinterpretermaxsingleuploadbytes)                                               | `157286400`                             | 150MB，单文件限制           |
 | [`CodeInterpreter:MaxTotalUploadBytesPerTurn`](#611-codeinterpretermaxtotaluploadbytesperturn)                                   | `314572800`                             | 300MB，单轮总限制           |
+| [`RequestTraceQueue:Capacity`](#91-requesttracequeuecapacity)                                                                    | `1000`                                  | RequestTrace 内存队列容量   |
+| [`RequestTraceCleanup:Enabled`](#92-requesttracecleanupenabled)                                                                  | `true`                                  | 控制定时自动删除是否启用    |
 | [`JwtValidPeriod`](#71-jwtvalidperiod)                                                                                           | `1.00:00:00`                            | 1天，JWT有效期              |
 | [`JwtSecretKey`](#72-jwtsecretkey)                                                                                               | `null`                                  | 生产环境建议设置稳定密钥    |
 | [`Chat:Retry429Times`](#81-chatretry429times)                                                                                    | `5`                                     | HTTP 429重试次数            |
@@ -360,3 +362,32 @@ Chats 基于 .NET 配置系统读取配置，优先级从高到低为：
 
 - **环境变量写法**：`Chat__Retry429Times=5`
 - **命令行写法**：`--Chat:Retry429Times=5`
+
+---
+
+## 9. RequestTrace
+
+### 9.1 `RequestTraceQueue:Capacity`
+
+- **类型**：整数
+- **默认值**：`1000`
+- **用途**：限制 RequestTrace 内存有界队列（Channel）的容量。
+- **行为说明**：
+  - 队列满时采用 `DropWrite` 策略。
+  - 配置为 `<= 0` 时，会回退到 `1000`。
+
+- **环境变量写法**：`RequestTraceQueue__Capacity=1000`
+- **命令行写法**：`--RequestTraceQueue:Capacity=1000`
+
+### 9.2 `RequestTraceCleanup:Enabled`
+
+- **类型**：布尔值
+- **默认值**：`true`
+- **用途**：控制 RequestTrace 自动删除后台任务是否启用。
+- **行为说明**：
+  - 启用时，后台服务每 30 分钟执行一次。
+  - 每次执行会删除 `ScheduledDeleteAt <= 当前 UTC 时间` 的 RequestTrace 记录（使用 `ExecuteDeleteAsync`）。
+  - 关闭时，不执行自动删除。
+
+- **环境变量写法**：`RequestTraceCleanup__Enabled=true`
+- **命令行写法**：`--RequestTraceCleanup:Enabled=true`