Merge pull request #650 from wucm667/feat/sync-page-title-on-locale-change

feat(i18n): 切换语言时同步更新页面标题
feat(frontend): 为管理端用量页面添加列显示设置
2026-04-06 08:20:23 +08:00 · 2026-02-27 19:48:36 +08:00 · 2026-02-27 19:41:26 +08:00 · 2026-02-27 19:20:44 +08:00 · 2026-02-27 19:19:36 +08:00 · 2026-02-27 17:37:30 +08:00
714 changed files with 127333 additions and 46012 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,15 @@
 # 确保所有 SQL 迁移文件使用 LF 换行符
 backend/migrations/*.sql text eol=lf
 # Go 源代码文件
 *.go text eol=lf
 # Shell 脚本
 *.sh text eol=lf
 # YAML/YML 配置文件
 *.yaml text eol=lf
 *.yml text eol=lf
 # Dockerfile
 Dockerfile text eol=lf
--- a/.github/workflows/backend-ci.yml
+++ b/.github/workflows/backend-ci.yml
@@ -19,7 +19,7 @@ jobs:
          cache: true
      - name: Verify Go version
        run: |
-          go version | grep -q 'go1.25.5'
+          go version | grep -q 'go1.25.7'
      - name: Unit tests
        working-directory: backend
        run: make test-unit
@@ -38,10 +38,10 @@ jobs:
          cache: true
      - name: Verify Go version
        run: |
-          go version | grep -q 'go1.25.5'
+          go version | grep -q 'go1.25.7'
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v9
        with:
          version: v2.7
          args: --timeout=5m
-          working-directory: backend
+          working-directory: backend
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -115,7 +115,7 @@ jobs:
      - name: Verify Go version
        run: |
-          go version | grep -q 'go1.25.5'
+          go version | grep -q 'go1.25.7'
      # Docker setup for GoReleaser
      - name: Set up QEMU
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -22,7 +22,7 @@ jobs:
          cache-dependency-path: backend/go.sum
      - name: Verify Go version
        run: |
-          go version | grep -q 'go1.25.5'
+          go version | grep -q 'go1.25.7'
      - name: Run govulncheck
        working-directory: backend
        run: |
@@ -32,7 +32,7 @@ jobs:
        working-directory: backend
        run: |
          go install github.com/securego/gosec/v2/cmd/gosec@latest
-          gosec -severity high -confidence high ./...
+          gosec -conf .gosec.json -severity high -confidence high ./...
  frontend-security:
    runs-on: ubuntu-latest
--- a/.gitignore
+++ b/.gitignore
@@ -121,7 +121,6 @@ AGENTS.md
 scripts
 .code-review-state
 openspec/
 docs/
 code-reviews/
 AGENTS.md
 backend/cmd/server/server
@@ -129,4 +128,8 @@ deploy/docker-compose.override.yml
 .gocache/
 vite.config.js
 docs/*
-.serena/
+.serena/
 .codex/
 frontend/coverage/
 aicodex
--- a/DEV_GUIDE.md
+++ b/DEV_GUIDE.md
@@ -0,0 +1,346 @@
 # sub2api 项目开发指南
 > 本文档记录项目环境配置、常见坑点和注意事项，供 Claude Code 和团队成员参考。
 ## 一、项目基本信息
 | 项目 | 说明 |
 |------|------|
 | **上游仓库** | Wei-Shaw/sub2api |
 | **Fork 仓库** | bayma888/sub2api-bmai |
 | **技术栈** | Go 后端 (Ent ORM + Gin) + Vue3 前端 (pnpm) |
 | **数据库** | PostgreSQL 16 + Redis |
 | **包管理** | 后端: go modules, 前端: **pnpm**（不是 npm） |
 ## 二、本地环境配置
 ### PostgreSQL 16 (Windows 服务)
 | 配置项 | 值 |
 |--------|-----|
 | 端口 | 5432 |
 | psql 路径 | `C:\Program Files\PostgreSQL\16\bin\psql.exe` |
 | pg_hba.conf | `C:\Program Files\PostgreSQL\16\data\pg_hba.conf` |
 | 数据库凭据 | user=`sub2api`, password=`sub2api`, dbname=`sub2api` |
 | 超级用户 | user=`postgres`, password=`postgres` |
 ### Redis
 | 配置项 | 值 |
 |--------|-----|
 | 端口 | 6379 |
 | 密码 | 无 |
 ### 开发工具
 ```bash
 # golangci-lint v2.7
 go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.7
 # pnpm (前端包管理)
 npm install -g pnpm
 ```
 ## 三、CI/CD 流水线
 ### GitHub Actions Workflows
 | Workflow | 触发条件 | 检查内容 |
 |----------|----------|----------|
 | **backend-ci.yml** | push, pull_request | 单元测试 + 集成测试 + golangci-lint v2.7 |
 | **security-scan.yml** | push, pull_request, 每周一 | govulncheck + gosec + pnpm audit |
 | **release.yml** | tag `v*` | 构建发布（PR 不触发） |
 ### CI 要求
 - Go 版本必须是 **1.25.7**
 - 前端使用 `pnpm install --frozen-lockfile`，必须提交 `pnpm-lock.yaml`
 ### 本地测试命令
 ```bash
 # 后端单元测试
 cd backend && go test -tags=unit ./...
 # 后端集成测试
 cd backend && go test -tags=integration ./...
 # 代码质量检查
 cd backend && golangci-lint run ./...
 # 前端依赖安装（必须用 pnpm）
 cd frontend && pnpm install
 ```
 ## 四、常见坑点 & 解决方案
 ### 坑 1：pnpm-lock.yaml 必须同步提交
 **问题**：`package.json` 新增依赖后，CI 的 `pnpm install --frozen-lockfile` 失败。
 **原因**：上游 CI 使用 pnpm，lock 文件不同步会报错。
 **解决**：
 ```bash
 cd frontend
 pnpm install  # 更新 pnpm-lock.yaml
 git add pnpm-lock.yaml
 git commit -m "chore: update pnpm-lock.yaml"
 ```
 ---
 ### 坑 2：npm 和 pnpm 的 node_modules 冲突
 **问题**：之前用 npm 装过 `node_modules`，pnpm install 报 `EPERM` 错误。
 **解决**：
 ```bash
 cd frontend
 rm -rf node_modules  # 或 PowerShell: Remove-Item -Recurse -Force node_modules
 pnpm install
 ```
 ---
 ### 坑 3：PowerShell 中 bcrypt hash 的 `$` 被转义
 **问题**：bcrypt hash 格式如 `$2a$10$xxx...`，PowerShell 把 `$2a` 当变量解析，导致数据丢失。
 **解决**：将 SQL 写入文件，用 `psql -f` 执行：
 ```bash
 # 错误示范（PowerShell 会吃掉 $）
 psql -c "INSERT INTO users ... VALUES ('$2a$10$...')"
 # 正确做法
 echo "INSERT INTO users ... VALUES ('\$2a\$10\$...')" > temp.sql
 psql -U sub2api -h 127.0.0.1 -d sub2api -f temp.sql
 ```
 ---
 ### 坑 4：psql 不支持中文路径
 **问题**：`psql -f "D:\中文路径\file.sql"` 报错找不到文件。
 **解决**：复制到纯英文路径再执行：
 ```bash
 cp "D:\中文路径\file.sql" "C:\temp.sql"
 psql -f "C:\temp.sql"
 ```
 ---
 ### 坑 5：PostgreSQL 密码重置流程
 **场景**：忘记 PostgreSQL 密码。
 **步骤**：
 1. 修改 `C:\Program Files\PostgreSQL\16\data\pg_hba.conf`
   ```
   # 将 scram-sha-256 改为 trust
   host    all    all    127.0.0.1/32    trust
   ```
 2. 重启 PostgreSQL 服务
   ```powershell
   Restart-Service postgresql-x64-16
   ```
 3. 无密码登录并重置
   ```bash
   psql -U postgres -h 127.0.0.1
   ALTER USER sub2api WITH PASSWORD 'sub2api';
   ALTER USER postgres WITH PASSWORD 'postgres';
   ```
 4. 改回 `scram-sha-256` 并重启
 ---
 ### 坑 6：Go interface 新增方法后 test stub 必须补全
 **问题**：给 interface 新增方法后，编译报错 `does not implement interface (missing method XXX)`。
 **原因**：所有测试文件中实现该 interface 的 stub/mock 都必须补上新方法。
 **解决**：
 ```bash
 # 搜索所有实现该 interface 的 struct
 cd backend
 grep -r "type.*Stub.*struct" internal/
 grep -r "type.*Mock.*struct" internal/
 # 逐一补全新方法
 ```
 ---
 ### 坑 7：Windows 上 psql 连 localhost 的 IPv6 问题
 **问题**：psql 连 `localhost` 先尝试 IPv6 (::1)，可能报错后再回退 IPv4。
 **建议**：直接用 `127.0.0.1` 代替 `localhost`。
 ---
 ### 坑 8：Windows 没有 make 命令
 **问题**：CI 里用 `make test-unit`，本地 Windows 没有 make。
 **解决**：直接用 Makefile 里的原始命令：
 ```bash
 # 代替 make test-unit
 go test -tags=unit ./...
 # 代替 make test-integration
 go test -tags=integration ./...
 ```
 ---
 ### 坑 9：Ent Schema 修改后必须重新生成
 **问题**：修改 `ent/schema/*.go` 后，代码不生效。
 **解决**：
 ```bash
 cd backend
 go generate ./ent  # 重新生成 ent 代码
 git add ent/       # 生成的文件也要提交
 ```
 ---
 ### 坑 10：前端测试看似正常，但后端调用失败（模型映射被批量误改）
 **典型现象**：
 - 前端按钮点测看起来正常；
 - 实际通过 API/客户端调用时返回 `Service temporarily unavailable` 或提示无可用账号；
 - 常见于 OpenAI 账号（例如 Codex 模型）在批量修改后突然不可用。
 **根因**：
 - OpenAI 账号编辑页默认不显式展示映射规则，容易让人误以为“没映射也没关系”；
 - 但在**批量修改同时选中不同平台账号**（OpenAI + Antigravity/Gemini）时，模型白名单/映射可能被跨平台策略覆盖；
 - 结果是 OpenAI 账号的关键模型映射丢失或被改坏，后端选不到可用账号。
 **修复方案（按优先级）**：
 1. **快速修复（推荐）**：在批量修改中补回正确的透传映射（例如 `gpt-5.3-codex -> gpt-5.3-codex-spark`）。
 2. **彻底重建**：删除并重新添加全部相关账号（最稳但成本高）。
 **关键经验**：
 - 如果某模型已被软件内置默认映射覆盖，通常不需要额外再加透传；
 - 但当上游模型更新快于本仓库默认映射时，**手动批量添加透传映射**是最简单、最低风险的临时兜底方案；
 - 批量操作前尽量按平台分组，不要混选不同平台账号。
 ---
 ### 坑 11：PR 提交前检查清单
 提交 PR 前务必本地验证：
 - [ ] `go test -tags=unit ./...` 通过
 - [ ] `go test -tags=integration ./...` 通过
 - [ ] `golangci-lint run ./...` 无新增问题
 - [ ] `pnpm-lock.yaml` 已同步（如果改了 package.json）
 - [ ] 所有 test stub 补全新接口方法（如果改了 interface）
 - [ ] Ent 生成的代码已提交（如果改了 schema）
 ## 五、常用命令速查
 ### 数据库操作
 ```bash
 # 连接数据库
 psql -U sub2api -h 127.0.0.1 -d sub2api
 # 查看所有用户
 psql -U postgres -h 127.0.0.1 -c "\du"
 # 查看所有数据库
 psql -U postgres -h 127.0.0.1 -c "\l"
 # 执行 SQL 文件
 psql -U sub2api -h 127.0.0.1 -d sub2api -f migration.sql
 ```
 ### Git 操作
 ```bash
 # 同步上游
 git fetch upstream
 git checkout main
 git merge upstream/main
 git push origin main
 # 创建功能分支
 git checkout -b feature/xxx
 # Rebase 到最新 main
 git fetch upstream
 git rebase upstream/main
 ```
 ### 前端操作
 ```bash
 # 安装依赖（必须用 pnpm）
 cd frontend
 pnpm install
 # 开发服务器
 pnpm dev
 # 构建
 pnpm build
 ```
 ### 后端操作
 ```bash
 # 运行服务器
 cd backend
 go run ./cmd/server/
 # 生成 Ent 代码
 go generate ./ent
 # 运行测试
 go test -tags=unit ./...
 go test -tags=integration ./...
 # Lint 检查
 golangci-lint run ./...
 ```
 ## 六、项目结构速览
 ```
 sub2api-bmai/
 ├── backend/
 │   ├── cmd/server/          # 主程序入口
 │   ├── ent/                 # Ent ORM 生成代码
 │   │   └── schema/          # 数据库 Schema 定义
 │   ├── internal/
 │   │   ├── handler/         # HTTP 处理器
 │   │   ├── service/         # 业务逻辑
 │   │   ├── repository/      # 数据访问层
 │   │   └── server/          # 服务器配置
 │   ├── migrations/          # 数据库迁移脚本
 │   └── config.yaml          # 配置文件
 ├── frontend/
 │   ├── src/
 │   │   ├── api/             # API 调用
 │   │   ├── components/      # Vue 组件
 │   │   ├── views/           # 页面视图
 │   │   ├── types/           # TypeScript 类型
 │   │   └── i18n/            # 国际化
 │   ├── package.json         # 依赖配置
 │   └── pnpm-lock.yaml       # pnpm 锁文件（必须提交）
 └── .claude/
    └── CLAUDE.md            # 本文档
 ```
 ## 七、参考资源
 - [上游仓库](https://github.com/Wei-Shaw/sub2api)
 - [Ent 文档](https://entgo.io/docs/getting-started)
 - [Vue3 文档](https://vuejs.org/)
 - [pnpm 文档](https://pnpm.io/)
--- a/12
+++ b/12
@@ -7,7 +7,7 @@
 # =============================================================================
 ARG NODE_IMAGE=node:24-alpine
-ARG GOLANG_IMAGE=golang:1.25.5-alpine
+ARG GOLANG_IMAGE=golang:1.25.7-alpine
 ARG ALPINE_IMAGE=alpine:3.20
 ARG GOPROXY=https://goproxy.cn,direct
 ARG GOSUMDB=sum.golang.google.cn
@@ -36,7 +36,7 @@ RUN pnpm run build
 FROM ${GOLANG_IMAGE} AS backend-builder
 # Build arguments for version info (set by CI)
-ARG VERSION=docker
+ARG VERSION=
 ARG COMMIT=docker
 ARG DATE
 ARG GOPROXY
@@ -61,9 +61,13 @@ COPY backend/ ./
 COPY --from=frontend-builder /app/backend/internal/web/dist ./internal/web/dist
 # Build the binary (BuildType=release for CI builds, embed frontend)
-RUN CGO_ENABLED=0 GOOS=linux go build \
+# Version precedence: build arg VERSION > cmd/server/VERSION
 RUN VERSION_VALUE="${VERSION}" && \
    if [ -z "${VERSION_VALUE}" ]; then VERSION_VALUE="$(tr -d '\r\n' < ./cmd/server/VERSION)"; fi && \
    DATE_VALUE="${DATE:-$(date -u +%Y-%m-%dT%H:%M:%SZ)}" && \
    CGO_ENABLED=0 GOOS=linux go build \
    -tags embed \
-    -ldflags="-s -w -X main.Commit=${COMMIT} -X main.Date=${DATE:-$(date -u +%Y-%m-%dT%H:%M:%SZ)} -X main.BuildType=release" \
+    -ldflags="-s -w -X main.Version=${VERSION_VALUE} -X main.Commit=${COMMIT} -X main.Date=${DATE_VALUE} -X main.BuildType=release" \
    -o /app/sub2api \
    ./cmd/server
--- a/Connect.md
+++ b/Connect.md
@@ -1,368 +0,0 @@
 # Linux DO Connect
 OAuth（Open Authorization）是一个开放的网络授权标准，目前最新版本为 OAuth 2.0。我们日常使用的第三方登录（如 Google 账号登录）就采用了该标准。OAuth 允许用户授权第三方应用访问存储在其他服务提供商（如 Google）上的信息，无需在不同平台上重复填写注册信息。用户授权后，平台可以直接访问用户的账户信息进行身份验证，而用户无需向第三方应用提供密码。
 目前系统已实现完整的 OAuth2 授权码（code）方式鉴权，但界面等配套功能还在持续完善中。让我们一起打造一个更完善的共享方案。
 ## 基本介绍
 这是一套标准的 OAuth2 鉴权系统，可以让开发者共享论坛的用户基本信息。
 - 可获取字段：
 | 参数              | 说明                            |
 | ----------------- | ------------------------------- |
 | `id`              | 用户唯一标识（不可变）          |
 | `username`        | 论坛用户名                      |
 | `name`            | 论坛用户昵称（可变）            |
 | `avatar_template` | 用户头像模板URL（支持多种尺寸） |
 | `active`          | 账号活跃状态                    |
 | `trust_level`     | 信任等级（0-4）                 |
 | `silenced`        | 禁言状态                        |
 | `external_ids`    | 外部ID关联信息                  |
 | `api_key`         | API访问密钥                     |
 通过这些信息，公益网站/接口可以实现：
 1. 基于 `id` 的服务频率限制
 2. 基于 `trust_level` 的服务额度分配
 3. 基于用户信息的滥用举报机制
 ## 相关端点
 - Authorize 端点： `https://connect.linux.do/oauth2/authorize`
 - Token 端点：`https://connect.linux.do/oauth2/token`
 - 用户信息 端点：`https://connect.linux.do/api/user`
 ## 申请使用
 - 访问 [Connect.Linux.Do](https://connect.linux.do/) 申请接入你的应用。
 ![linuxdoconnect_1](https://wiki.linux.do/_next/image?url=%2Flinuxdoconnect_1.png&w=1080&q=75)
 - 点击 **`我的应用接入`** - **`申请新接入`**，填写相关信息。其中 **`回调地址`** 是你的应用接收用户信息的地址。
 ![linuxdoconnect_2](https://wiki.linux.do/_next/image?url=%2Flinuxdoconnect_2.png&w=1080&q=75)
 - 申请成功后，你将获得 **`Client Id`** 和 **`Client Secret`**，这是你应用的唯一身份凭证。
 ![linuxdoconnect_3](https://wiki.linux.do/_next/image?url=%2Flinuxdoconnect_3.png&w=1080&q=75)
 ## 接入 Linux Do
 JavaScript
 ```JavaScript
 // 安装第三方请求库（或使用原生的 Fetch API），本例中使用 axios
 // npm install axios
 // 通过 OAuth2 获取 Linux Do 用户信息的参考流程
 const axios = require('axios');
 const readline = require('readline');
 // 配置信息（建议通过环境变量配置，避免使用硬编码）
 const CLIENT_ID = '你的 Client ID';
 const CLIENT_SECRET = '你的 Client Secret';
 const REDIRECT_URI = '你的回调地址';
 const AUTH_URL = 'https://connect.linux.do/oauth2/authorize';
 const TOKEN_URL = 'https://connect.linux.do/oauth2/token';
 const USER_INFO_URL = 'https://connect.linux.do/api/user';
 // 第一步：生成授权 URL
 function getAuthUrl() {
  const params = new URLSearchParams({
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    response_type: 'code',
    scope: 'user'
  });
  return `${AUTH_URL}?${params.toString()}`;
 }
 // 第二步：获取 code 参数
 function getCode() {
  return new Promise((resolve) => {
    // 本例中使用终端输入来模拟流程，仅供本地测试
    // 请在实际应用中替换为真实的处理逻辑
    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
    rl.question('从回调 URL 中提取出 code，粘贴到此处并按回车：', (answer) => {
      rl.close();
      resolve(answer.trim());
    });
  });
 }
 // 第三步：使用 code 参数获取访问令牌
 async function getAccessToken(code) {
  try {
    const form = new URLSearchParams({
      client_id: CLIENT_ID,
      client_secret: CLIENT_SECRET,
      code: code,
      redirect_uri: REDIRECT_URI,
      grant_type: 'authorization_code'
    }).toString();
    const response = await axios.post(TOKEN_URL, form, {
      // 提醒：需正确配置请求头，否则无法正常获取访问令牌
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Accept': 'application/json'
      }
    });
    return response.data;
  } catch (error) {
    console.error(`获取访问令牌失败：${error.response ? JSON.stringify(error.response.data) : error.message}`);
    throw error;
  }
 }
 // 第四步：使用访问令牌获取用户信息
 async function getUserInfo(accessToken) {
  try {
    const response = await axios.get(USER_INFO_URL, {
      headers: {
        Authorization: `Bearer ${accessToken}`
      }
    });
    return response.data;
  } catch (error) {
    console.error(`获取用户信息失败：${error.response ? JSON.stringify(error.response.data) : error.message}`);
    throw error;
  }
 }
 // 主流程
 async function main() {
  // 1. 生成授权 URL，前端引导用户访问授权页
  const authUrl = getAuthUrl();
  console.log(`请访问此 URL 授权：${authUrl}
 `);
  // 2. 用户授权后，从回调 URL 获取 code 参数
  const code = await getCode();
  try {
    // 3. 使用 code 参数获取访问令牌
    const tokenData = await getAccessToken(code);
    const accessToken = tokenData.access_token;
    // 4. 使用访问令牌获取用户信息
    if (accessToken) {
      const userInfo = await getUserInfo(accessToken);
      console.log(`
 获取用户信息成功：${JSON.stringify(userInfo, null, 2)}`);
    } else {
      console.log(`
 获取访问令牌失败：${JSON.stringify(tokenData)}`);
    }
  } catch (error) {
    console.error('发生错误：', error);
  }
 }
 ```
 Python
 ```python
 # 安装第三方请求库，本例中使用 requests
 # pip install requests
 # 通过 OAuth2 获取 Linux Do 用户信息的参考流程
 import requests
 import json
 # 配置信息（建议通过环境变量配置，避免使用硬编码）
 CLIENT_ID = '你的 Client ID'
 CLIENT_SECRET = '你的 Client Secret'
 REDIRECT_URI = '你的回调地址'
 AUTH_URL = 'https://connect.linux.do/oauth2/authorize'
 TOKEN_URL = 'https://connect.linux.do/oauth2/token'
 USER_INFO_URL = 'https://connect.linux.do/api/user'
 # 第一步：生成授权 URL
 def get_auth_url():
    params = {
        'client_id': CLIENT_ID,
        'redirect_uri': REDIRECT_URI,
        'response_type': 'code',
        'scope': 'user'
    }
    auth_url = f"{AUTH_URL}?{'&'.join(f'{k}={v}' for k, v in params.items())}"
    return auth_url
 # 第二步：获取 code 参数
 def get_code():
    # 本例中使用终端输入来模拟流程，仅供本地测试
    # 请在实际应用中替换为真实的处理逻辑
    return input('从回调 URL 中提取出 code，粘贴到此处并按回车：').strip()
 # 第三步：使用 code 参数获取访问令牌
 def get_access_token(code):
    try:
        data = {
            'client_id': CLIENT_ID,
            'client_secret': CLIENT_SECRET,
            'code': code,
            'redirect_uri': REDIRECT_URI,
            'grant_type': 'authorization_code'
        }
        # 提醒：需正确配置请求头，否则无法正常获取访问令牌
        headers = {
            'Content-Type': 'application/x-www-form-urlencoded',
            'Accept': 'application/json'
        }
        response = requests.post(TOKEN_URL, data=data, headers=headers)
        response.raise_for_status()
        return response.json()
    except requests.exceptions.RequestException as e:
        print(f"获取访问令牌失败：{e}")
        return None
 # 第四步：使用访问令牌获取用户信息
 def get_user_info(access_token):
    try:
        headers = {
            'Authorization': f'Bearer {access_token}'
        }
        response = requests.get(USER_INFO_URL, headers=headers)
        response.raise_for_status()
        return response.json()
    except requests.exceptions.RequestException as e:
        print(f"获取用户信息失败：{e}")
        return None
 # 主流程
 if __name__ == '__main__':
    # 1. 生成授权 URL，前端引导用户访问授权页
    auth_url = get_auth_url()
    print(f'请访问此 URL 授权：{auth_url}
 ')
    # 2. 用户授权后，从回调 URL 获取 code 参数
    code = get_code()
    # 3. 使用 code 参数获取访问令牌
    token_data = get_access_token(code)
    if token_data:
        access_token = token_data.get('access_token')
        # 4. 使用访问令牌获取用户信息
        if access_token:
            user_info = get_user_info(access_token)
            if user_info:
                print(f"
 获取用户信息成功：{json.dumps(user_info, indent=2)}")
            else:
                print("
 获取用户信息失败")
        else:
            print(f"
 获取访问令牌失败：{json.dumps(token_data, indent=2)}")
    else:
        print("
 获取访问令牌失败")
 ```
 PHP
 ```php
 // 通过 OAuth2 获取 Linux Do 用户信息的参考流程
 // 配置信息
 $CLIENT_ID = '你的 Client ID';
 $CLIENT_SECRET = '你的 Client Secret';
 $REDIRECT_URI = '你的回调地址';
 $AUTH_URL = 'https://connect.linux.do/oauth2/authorize';
 $TOKEN_URL = 'https://connect.linux.do/oauth2/token';
 $USER_INFO_URL = 'https://connect.linux.do/api/user';
 // 生成授权 URL
 function getAuthUrl($clientId, $redirectUri) {
    global $AUTH_URL;
    return $AUTH_URL . '?' . http_build_query([
        'client_id' => $clientId,
        'redirect_uri' => $redirectUri,
        'response_type' => 'code',
        'scope' => 'user'
    ]);
 }
 // 使用 code 参数获取用户信息（合并获取令牌和获取用户信息的步骤）
 function getUserInfoWithCode($code, $clientId, $clientSecret, $redirectUri) {
    global $TOKEN_URL, $USER_INFO_URL;
    // 1. 获取访问令牌
    $ch = curl_init($TOKEN_URL);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
        'client_id' => $clientId,
        'client_secret' => $clientSecret,
        'code' => $code,
        'redirect_uri' => $redirectUri,
        'grant_type' => 'authorization_code'
    ]));
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        'Content-Type: application/x-www-form-urlencoded',
        'Accept: application/json'
    ]);
    $tokenResponse = curl_exec($ch);
    curl_close($ch);
    $tokenData = json_decode($tokenResponse, true);
    if (!isset($tokenData['access_token'])) {
        return ['error' => '获取访问令牌失败', 'details' => $tokenData];
    }
    // 2. 获取用户信息
    $ch = curl_init($USER_INFO_URL);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        'Authorization: Bearer ' . $tokenData['access_token']
    ]);
    $userResponse = curl_exec($ch);
    curl_close($ch);
    return json_decode($userResponse, true);
 }
 // 主流程
 // 1. 生成授权 URL
 $authUrl = getAuthUrl($CLIENT_ID, $REDIRECT_URI);
 echo "<a href='$authUrl'>使用 Linux Do 登录</a>";
 // 2. 处理回调并获取用户信息
 if (isset($_GET['code'])) {
    $userInfo = getUserInfoWithCode(
        $_GET['code'],
        $CLIENT_ID,
        $CLIENT_SECRET,
        $REDIRECT_URI
    );
    if (isset($userInfo['error'])) {
        echo '错误: ' . $userInfo['error'];
    } else {
        echo '欢迎, ' . $userInfo['name'] . '!';
        // 处理用户登录逻辑...
    }
 }
 ```
 ## 使用说明
 ### 授权流程
 1. 用户点击应用中的’使用 Linux Do 登录’按钮
 2. 系统将用户重定向至 Linux Do 的授权页面
 3. 用户完成授权后，系统自动重定向回应用并携带授权码
 4. 应用使用授权码获取访问令牌
 5. 使用访问令牌获取用户信息
 ### 安全建议
 - 切勿在前端代码中暴露 Client Secret
 - 对所有用户输入数据进行严格验证
 - 确保使用 HTTPS 协议传输数据
 - 定期更新并妥善保管 Client Secret
--- a/5
+++ b/5
@@ -1,4 +1,4 @@
-.PHONY: build build-backend build-frontend test test-backend test-frontend
+.PHONY: build build-backend build-frontend test test-backend test-frontend secret-scan
 # 一键编译前后端
 build: build-backend build-frontend
@@ -20,3 +20,6 @@ test-backend:
 test-frontend:
 	@pnpm --dir frontend run lint:check
 	@pnpm --dir frontend run typecheck
 secret-scan:
 	@python3 tools/secret_scan.py
--- a/PR_DESCRIPTION.md
+++ b/PR_DESCRIPTION.md
@@ -1,164 +0,0 @@
 ## 概述
 全面增强运维监控系统（Ops）的错误日志管理和告警静默功能，优化前端 UI 组件代码质量和用户体验。本次更新重构了核心服务层和数据访问层，提升系统可维护性和运维效率。
 ## 主要改动
 ### 1. 错误日志查询优化
 **功能特性：**
 - 新增 GetErrorLogByID 接口，支持按 ID 精确查询错误详情
 - 优化错误日志过滤逻辑，支持多维度筛选（平台、阶段、来源、所有者等）
 - 改进查询参数处理，简化代码结构
 - 增强错误分类和标准化处理
 - 支持错误解决状态追踪（resolved 字段）
 **技术实现：**
 - `ops_handler.go` - 新增单条错误日志查询接口
 - `ops_repo.go` - 优化数据查询和过滤条件构建
 - `ops_models.go` - 扩展错误日志数据模型
 - 前端 API 接口同步更新
 ### 2. 告警静默功能
 **功能特性：**
 - 支持按规则、平台、分组、区域等维度静默告警
 - 可设置静默时长和原因说明
 - 静默记录可追溯，记录创建人和创建时间
 - 自动过期机制，避免永久静默
 **技术实现：**
 - `037_ops_alert_silences.sql` - 新增告警静默表
 - `ops_alerts.go` - 告警静默逻辑实现
 - `ops_alerts_handler.go` - 告警静默 API 接口
 - `OpsAlertEventsCard.vue` - 前端告警静默操作界面
 **数据库结构：**
 | 字段 | 类型 | 说明 |
 |------|------|------|
 | rule_id | BIGINT | 告警规则 ID |
 | platform | VARCHAR(64) | 平台标识 |
 | group_id | BIGINT | 分组 ID（可选） |
 | region | VARCHAR(64) | 区域（可选） |
 | until | TIMESTAMPTZ | 静默截止时间 |
 | reason | TEXT | 静默原因 |
 | created_by | BIGINT | 创建人 ID |
 ### 3. 错误分类标准化
 **功能特性：**
 - 统一错误阶段分类（request|auth|routing|upstream|network|internal）
 - 规范错误归属分类（client|provider|platform）
 - 标准化错误来源分类（client_request|upstream_http|gateway）
 - 自动迁移历史数据到新分类体系
 **技术实现：**
 - `038_ops_errors_resolution_retry_results_and_standardize_classification.sql` - 分类标准化迁移
 - 自动映射历史遗留分类到新标准
 - 自动解决已恢复的上游错误（客户端状态码 < 400）
 ### 4. Gateway 服务集成
 **功能特性：**
 - 完善各 Gateway 服务的 Ops 集成
 - 统一错误日志记录接口
 - 增强上游错误追踪能力
 **涉及服务：**
 - `antigravity_gateway_service.go` - Antigravity 网关集成
 - `gateway_service.go` - 通用网关集成
 - `gemini_messages_compat_service.go` - Gemini 兼容层集成
 - `openai_gateway_service.go` - OpenAI 网关集成
 ### 5. 前端 UI 优化
 **代码重构：**
 - 大幅简化错误详情模态框代码（从 828 行优化到 450 行）
 - 优化错误日志表格组件，提升可读性
 - 清理未使用的 i18n 翻译，减少冗余
 - 统一组件代码风格和格式
 - 优化骨架屏组件，更好匹配实际看板布局
 **布局改进：**
 - 修复模态框内容溢出和滚动问题
 - 优化表格布局，使用 flex 布局确保正确显示
 - 改进看板头部布局和交互
 - 提升响应式体验
 - 骨架屏支持全屏模式适配
 **交互优化：**
 - 优化告警事件卡片功能和展示
 - 改进错误详情展示逻辑
 - 增强请求详情模态框
 - 完善运行时设置卡片
 - 改进加载动画效果
 ### 6. 国际化完善
 **文案补充：**
 - 补充错误日志相关的英文翻译
 - 添加告警静默功能的中英文文案
 - 完善提示文本和错误信息
 - 统一术语翻译标准
 ## 文件变更
 **后端（26 个文件）：**
 - `backend/internal/handler/admin/ops_alerts_handler.go` - 告警接口增强
 - `backend/internal/handler/admin/ops_handler.go` - 错误日志接口优化
 - `backend/internal/handler/ops_error_logger.go` - 错误记录器增强
 - `backend/internal/repository/ops_repo.go` - 数据访问层重构
 - `backend/internal/repository/ops_repo_alerts.go` - 告警数据访问增强
 - `backend/internal/service/ops_*.go` - 核心服务层重构（10 个文件）
 - `backend/internal/service/*_gateway_service.go` - Gateway 集成（4 个文件）
 - `backend/internal/server/routes/admin.go` - 路由配置更新
 - `backend/migrations/*.sql` - 数据库迁移（2 个文件）
 - 测试文件更新（5 个文件）
 **前端（13 个文件）：**
 - `frontend/src/views/admin/ops/OpsDashboard.vue` - 看板主页优化
 - `frontend/src/views/admin/ops/components/*.vue` - 组件重构（10 个文件）
 - `frontend/src/api/admin/ops.ts` - API 接口扩展
 - `frontend/src/i18n/locales/*.ts` - 国际化文本（2 个文件）
 ## 代码统计
 - 44 个文件修改
 - 3733 行新增
 - 995 行删除
 - 净增加 2738 行
 ## 核心改进
 **可维护性提升：**
 - 重构核心服务层，职责更清晰
 - 简化前端组件代码，降低复杂度
 - 统一代码风格和命名规范
 - 清理冗余代码和未使用的翻译
 - 标准化错误分类体系
 **功能完善：**
 - 告警静默功能，减少告警噪音
 - 错误日志查询优化，提升运维效率
 - Gateway 服务集成完善，统一监控能力
 - 错误解决状态追踪，便于问题管理
 **用户体验优化：**
 - 修复多个 UI 布局问题
 - 优化交互流程
 - 完善国际化支持
 - 提升响应式体验
 - 改进加载状态展示
 ## 测试验证
 - ✅ 错误日志查询和过滤功能
 - ✅ 告警静默创建和自动过期
 - ✅ 错误分类标准化迁移
 - ✅ Gateway 服务错误日志记录
 - ✅ 前端组件布局和交互
 - ✅ 骨架屏全屏模式适配
 - ✅ 国际化文本完整性
 - ✅ API 接口功能正确性
 - ✅ 数据库迁移执行成功
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 <div align="center">
-[![Go](https://img.shields.io/badge/Go-1.25.5-00ADD8.svg)](https://golang.org/)
+[![Go](https://img.shields.io/badge/Go-1.25.7-00ADD8.svg)](https://golang.org/)
 [![Vue](https://img.shields.io/badge/Vue-3.4+-4FC08D.svg)](https://vuejs.org/)
 [![PostgreSQL](https://img.shields.io/badge/PostgreSQL-15+-336791.svg)](https://www.postgresql.org/)
 [![Redis](https://img.shields.io/badge/Redis-7+-DC382D.svg)](https://redis.io/)
@@ -44,7 +44,7 @@ Sub2API is an AI API gateway platform designed to distribute and manage API quot
 | Component | Technology |
 |-----------|------------|
-| Backend | Go 1.25.5, Gin, Ent |
+| Backend | Go 1.25.7, Gin, Ent |
 | Frontend | Vue 3.4+, Vite 5+, TailwindCSS |
 | Database | PostgreSQL 15+ |
 | Cache/Queue | Redis 7+ |
@@ -128,7 +128,7 @@ curl -sSL https://raw.githubusercontent.com/Wei-Shaw/sub2api/main/deploy/install
 ---
-### Method 2: Docker Compose
+### Method 2: Docker Compose (Recommended)
 Deploy with Docker Compose, including PostgreSQL and Redis containers.
@@ -137,87 +137,157 @@ Deploy with Docker Compose, including PostgreSQL and Redis containers.
 - Docker 20.10+
 - Docker Compose v2+
-#### Installation Steps
+#### Quick Start (One-Click Deployment)
 Use the automated deployment script for easy setup:
 ```bash
 # Create deployment directory
 mkdir -p sub2api-deploy && cd sub2api-deploy
 # Download and run deployment preparation script
 curl -sSL https://raw.githubusercontent.com/Wei-Shaw/sub2api/main/deploy/docker-deploy.sh | bash
 # Start services
 docker-compose -f docker-compose.local.yml up -d
 # View logs
 docker-compose -f docker-compose.local.yml logs -f sub2api
 ```
 **What the script does:**
 - Downloads `docker-compose.local.yml` and `.env.example`
 - Generates secure credentials (JWT_SECRET, TOTP_ENCRYPTION_KEY, POSTGRES_PASSWORD)
 - Creates `.env` file with auto-generated secrets
 - Creates data directories (uses local directories for easy backup/migration)
 - Displays generated credentials for your reference
 #### Manual Deployment
 If you prefer manual setup:
 ```bash
 # 1. Clone the repository
 git clone https://github.com/Wei-Shaw/sub2api.git
-cd sub2api
+cd sub2api/deploy
-# 2. Enter the deploy directory
+# 2. Copy environment configuration
 cd deploy
 # 3. Copy environment configuration
 cp .env.example .env
-# 4. Edit configuration (set your passwords)
+# 3. Edit configuration (generate secure passwords)
 nano .env
 ```
 **Required configuration in `.env`:**
 ```bash
-# PostgreSQL password (REQUIRED - change this!)
+# PostgreSQL password (REQUIRED)
 POSTGRES_PASSWORD=your_secure_password_here
 # JWT Secret (RECOMMENDED - keeps users logged in after restart)
 JWT_SECRET=your_jwt_secret_here
 # TOTP Encryption Key (RECOMMENDED - preserves 2FA after restart)
 TOTP_ENCRYPTION_KEY=your_totp_key_here
 # Optional: Admin account
 ADMIN_EMAIL=admin@example.com
 ADMIN_PASSWORD=your_admin_password
 # Optional: Custom port
 SERVER_PORT=8080
 ```
-# Optional: Security configuration
+**Generate secure secrets:**
-# Enable URL allowlist validation (false to skip allowlist checks, only basic format validation)
+```bash
-SECURITY_URL_ALLOWLIST_ENABLED=false
+# Generate JWT_SECRET
 openssl rand -hex 32
-# Allow insecure HTTP URLs when allowlist is disabled (default: false, requires https)
+# Generate TOTP_ENCRYPTION_KEY
-# ⚠️ WARNING: Enabling this allows HTTP (plaintext) URLs which can expose API keys
+openssl rand -hex 32
 #             Only recommended for:
 #             - Development/testing environments
 #             - Internal networks with trusted endpoints
 #             - When using local test servers (http://localhost)
 # PRODUCTION: Keep this false or use HTTPS URLs only
 SECURITY_URL_ALLOWLIST_ALLOW_INSECURE_HTTP=false
-# Allow private IP addresses for upstream/pricing/CRS (for internal deployments)
+# Generate POSTGRES_PASSWORD
-SECURITY_URL_ALLOWLIST_ALLOW_PRIVATE_HOSTS=false
+openssl rand -hex 32
 ```
 ```bash
 # 4. Create data directories (for local version)
 mkdir -p data postgres_data redis_data
 # 5. Start all services
 # Option A: Local directory version (recommended - easy migration)
 docker-compose -f docker-compose.local.yml up -d
 # Option B: Named volumes version (simple setup)
 docker-compose up -d
 # 6. Check status
-docker-compose ps
+docker-compose -f docker-compose.local.yml ps
 # 7. View logs
-docker-compose logs -f sub2api
+docker-compose -f docker-compose.local.yml logs -f sub2api
 ```
 #### Deployment Versions
 | Version | Data Storage | Migration | Best For |
 |---------|-------------|-----------|----------|
 | **docker-compose.local.yml** | Local directories | ✅ Easy (tar entire directory) | Production, frequent backups |
 | **docker-compose.yml** | Named volumes | ⚠️ Requires docker commands | Simple setup |
 **Recommendation:** Use `docker-compose.local.yml` (deployed by script) for easier data management.
 #### Access
 Open `http://YOUR_SERVER_IP:8080` in your browser.
 If admin password was auto-generated, find it in logs:
 ```bash
 docker-compose -f docker-compose.local.yml logs sub2api | grep "admin password"
 ```
 #### Upgrade
 ```bash
 # Pull latest image and recreate container
-docker-compose pull
+docker-compose -f docker-compose.local.yml pull
-docker-compose up -d
+docker-compose -f docker-compose.local.yml up -d
 ```
 #### Easy Migration (Local Directory Version)
 When using `docker-compose.local.yml`, migrate to a new server easily:
 ```bash
 # On source server
 docker-compose -f docker-compose.local.yml down
 cd ..
 tar czf sub2api-complete.tar.gz sub2api-deploy/
 # Transfer to new server
 scp sub2api-complete.tar.gz user@new-server:/path/
 # On new server
 tar xzf sub2api-complete.tar.gz
 cd sub2api-deploy/
 docker-compose -f docker-compose.local.yml up -d
 ```
 #### Useful Commands
 ```bash
 # Stop all services
-docker-compose down
+docker-compose -f docker-compose.local.yml down
 # Restart
-docker-compose restart
+docker-compose -f docker-compose.local.yml restart
 # View all logs
-docker-compose logs -f
+docker-compose -f docker-compose.local.yml logs -f
 # Remove all data (caution!)
 docker-compose -f docker-compose.local.yml down
 rm -rf data/ postgres_data/ redis_data/
 ```
 ---
@@ -293,6 +363,12 @@ default:
  rate_multiplier: 1.0
 ```
 ### Sora Status (Temporarily Unavailable)
 > ⚠️ Sora-related features are temporarily unavailable due to technical issues in upstream integration and media delivery.
 > Please do not rely on Sora in production at this time.
 > Existing `gateway.sora_*` configuration keys are reserved and may not take effect until these issues are resolved.
 Additional security-related options are available in `config.yaml`:
 - `cors.allowed_origins` for CORS allowlist
--- a/README_CN.md
+++ b/README_CN.md
@@ -2,7 +2,7 @@
 <div align="center">
-[![Go](https://img.shields.io/badge/Go-1.25.5-00ADD8.svg)](https://golang.org/)
+[![Go](https://img.shields.io/badge/Go-1.25.7-00ADD8.svg)](https://golang.org/)
 [![Vue](https://img.shields.io/badge/Vue-3.4+-4FC08D.svg)](https://vuejs.org/)
 [![PostgreSQL](https://img.shields.io/badge/PostgreSQL-15+-336791.svg)](https://www.postgresql.org/)
 [![Redis](https://img.shields.io/badge/Redis-7+-DC382D.svg)](https://redis.io/)
@@ -44,7 +44,7 @@ Sub2API 是一个 AI API 网关平台，用于分发和管理 AI 产品订阅（
 | 组件 | 技术 |
 |------|------|
-| 后端 | Go 1.25.5, Gin, Ent |
+| 后端 | Go 1.25.7, Gin, Ent |
 | 前端 | Vue 3.4+, Vite 5+, TailwindCSS |
 | 数据库 | PostgreSQL 15+ |
 | 缓存/队列 | Redis 7+ |
@@ -135,96 +135,168 @@ curl -sSL https://raw.githubusercontent.com/Wei-Shaw/sub2api/main/deploy/install
 ---
-### 方式二：Docker Compose
+### 方式二：Docker Compose（推荐）
 使用 Docker Compose 部署，包含 PostgreSQL 和 Redis 容器。
 如果你的服务器是 **Ubuntu 24.04**，建议直接参考：`deploy/ubuntu24-docker-compose-aicodex.md`，其中包含「安装最新版 Docker + docker-compose-aicodex.yml 部署」的完整步骤。
 #### 前置条件
 - Docker 20.10+
 - Docker Compose v2+
-#### 安装步骤
+#### 快速开始（一键部署）
 使用自动化部署脚本快速搭建：
 ```bash
 # 创建部署目录
 mkdir -p sub2api-deploy && cd sub2api-deploy
 # 下载并运行部署准备脚本
 curl -sSL https://raw.githubusercontent.com/Wei-Shaw/sub2api/main/deploy/docker-deploy.sh | bash
 # 启动服务
 docker-compose -f docker-compose.local.yml up -d
 # 查看日志
 docker-compose -f docker-compose.local.yml logs -f sub2api
 ```
 **脚本功能：**
 - 下载 `docker-compose.local.yml` 和 `.env.example`
 - 自动生成安全凭证（JWT_SECRET、TOTP_ENCRYPTION_KEY、POSTGRES_PASSWORD）
 - 创建 `.env` 文件并填充自动生成的密钥
 - 创建数据目录（使用本地目录，便于备份和迁移）
 - 显示生成的凭证供你记录
 #### 手动部署
 如果你希望手动配置：
 ```bash
 # 1. 克隆仓库
 git clone https://github.com/Wei-Shaw/sub2api.git
-cd sub2api
+cd sub2api/deploy
-# 2. 进入 deploy 目录
+# 2. 复制环境配置文件
 cd deploy
 # 3. 复制环境配置文件
 cp .env.example .env
-# 4. 编辑配置（设置密码等）
+# 3. 编辑配置（生成安全密码）
 nano .env
 ```
 **`.env` 必须配置项：**
 ```bash
-# PostgreSQL 密码（必须修改！）
+# PostgreSQL 密码（必需）
 POSTGRES_PASSWORD=your_secure_password_here
 # JWT 密钥（推荐 - 重启后保持用户登录状态）
 JWT_SECRET=your_jwt_secret_here
 # TOTP 加密密钥（推荐 - 重启后保留双因素认证）
 TOTP_ENCRYPTION_KEY=your_totp_key_here
 # 可选：管理员账号
 ADMIN_EMAIL=admin@example.com
 ADMIN_PASSWORD=your_admin_password
 # 可选：自定义端口
 SERVER_PORT=8080
 ```
-# 可选：安全配置
+**生成安全密钥：**
-# 启用 URL 白名单验证（false 则跳过白名单检查，仅做基本格式校验）
+```bash
-SECURITY_URL_ALLOWLIST_ENABLED=false
+# 生成 JWT_SECRET
 openssl rand -hex 32
-# 关闭白名单时，是否允许 http:// URL（默认 false，只允许 https://）
+# 生成 TOTP_ENCRYPTION_KEY
-# ⚠️ 警告：允许 HTTP 会暴露 API 密钥（明文传输）
+openssl rand -hex 32
 #          仅建议在以下场景使用：
 #          - 开发/测试环境
 #          - 内部可信网络
 #          - 本地测试服务器（http://localhost）
 # 生产环境：保持 false 或仅使用 HTTPS URL
 SECURITY_URL_ALLOWLIST_ALLOW_INSECURE_HTTP=false
-# 是否允许私有 IP 地址用于上游/定价/CRS（内网部署时使用）
+# 生成 POSTGRES_PASSWORD
-SECURITY_URL_ALLOWLIST_ALLOW_PRIVATE_HOSTS=false
+openssl rand -hex 32
 ```
 ```bash
 # 4. 创建数据目录（本地版）
 mkdir -p data postgres_data redis_data
 # 5. 启动所有服务
 # 选项 A：本地目录版（推荐 - 易于迁移）
 docker-compose -f docker-compose.local.yml up -d
 # 选项 B：命名卷版（简单设置）
 docker-compose up -d
 # 6. 查看状态
-docker-compose ps
+docker-compose -f docker-compose.local.yml ps
 # 7. 查看日志
-docker-compose logs -f sub2api
+docker-compose -f docker-compose.local.yml logs -f sub2api
 ```
 #### 部署版本对比
 | 版本 | 数据存储 | 迁移便利性 | 适用场景 |
 |------|---------|-----------|---------|
 | **docker-compose.local.yml** | 本地目录 | ✅ 简单（打包整个目录） | 生产环境、频繁备份 |
 | **docker-compose.yml** | 命名卷 | ⚠️ 需要 docker 命令 | 简单设置 |
 **推荐：** 使用 `docker-compose.local.yml`（脚本部署）以便更轻松地管理数据。
 #### 访问
 在浏览器中打开 `http://你的服务器IP:8080`
 如果管理员密码是自动生成的，在日志中查找：
 ```bash
 docker-compose -f docker-compose.local.yml logs sub2api | grep "admin password"
 ```
 #### 升级
 ```bash
 # 拉取最新镜像并重建容器
-docker-compose pull
+docker-compose -f docker-compose.local.yml pull
-docker-compose up -d
+docker-compose -f docker-compose.local.yml up -d
 ```
 #### 轻松迁移（本地目录版）
 使用 `docker-compose.local.yml` 时，可以轻松迁移到新服务器：
 ```bash
 # 源服务器
 docker-compose -f docker-compose.local.yml down
 cd ..
 tar czf sub2api-complete.tar.gz sub2api-deploy/
 # 传输到新服务器
 scp sub2api-complete.tar.gz user@new-server:/path/
 # 新服务器
 tar xzf sub2api-complete.tar.gz
 cd sub2api-deploy/
 docker-compose -f docker-compose.local.yml up -d
 ```
 #### 常用命令
 ```bash
 # 停止所有服务
-docker-compose down
+docker-compose -f docker-compose.local.yml down
 # 重启
-docker-compose restart
+docker-compose -f docker-compose.local.yml restart
 # 查看所有日志
-docker-compose logs -f
+docker-compose -f docker-compose.local.yml logs -f
 # 删除所有数据（谨慎！）
 docker-compose -f docker-compose.local.yml down
 rm -rf data/ postgres_data/ redis_data/
 ```
 ---
@@ -300,6 +372,33 @@ default:
  rate_multiplier: 1.0
 ```
 ### Sora 功能状态（暂不可用）
 > ⚠️ 当前 Sora 相关功能因上游接入与媒体链路存在技术问题，暂时不可用。
 > 现阶段请勿在生产环境依赖 Sora 能力。
 > 文档中的 `gateway.sora_*` 配置仅作预留，待技术问题修复后再恢复可用。
 ### Sora 媒体签名 URL（功能恢复后可选）
 当配置 `gateway.sora_media_signing_key` 且 `gateway.sora_media_signed_url_ttl_seconds > 0` 时，网关会将 Sora 输出的媒体地址改写为临时签名 URL（`/sora/media-signed/...`）。这样无需 API Key 即可在浏览器中直接访问，且具备过期控制与防篡改能力（签名包含 path + query）。
 ```yaml
 gateway:
  # /sora/media 是否强制要求 API Key（默认 false）
  sora_media_require_api_key: false
  # 媒体临时签名密钥（为空则禁用签名）
  sora_media_signing_key: "your-signing-key"
  # 临时签名 URL 有效期（秒）
  sora_media_signed_url_ttl_seconds: 900
 ```
 > 若未配置签名密钥，`/sora/media-signed` 将返回 503。  
 > 如需更严格的访问控制，可将 `sora_media_require_api_key` 设为 true，仅允许携带 API Key 的 `/sora/media` 访问。
 访问策略说明：
 - `/sora/media`：内部调用或客户端携带 API Key 才能下载
 - `/sora/media-signed`：外部可访问，但有签名 + 过期控制
 `config.yaml` 还支持以下安全相关配置：
 - `cors.allowed_origins` 配置 CORS 白名单
@@ -313,6 +412,14 @@ default:
 - `server.trusted_proxies` 启用可信代理解析 X-Forwarded-For
 - `turnstile.required` 在 release 模式强制启用 Turnstile
 **网关防御纵深建议（重点）**
 - `gateway.upstream_response_read_max_bytes`：限制非流式上游响应读取大小（默认 `8MB`），用于防止异常响应导致内存放大。
 - `gateway.proxy_probe_response_read_max_bytes`：限制代理探测响应读取大小（默认 `1MB`）。
 - `gateway.gemini_debug_response_headers`：默认 `false`，仅在排障时短时开启，避免高频请求日志开销。
 - `/auth/register`、`/auth/login`、`/auth/login/2fa`、`/auth/send-verify-code` 已提供服务端兜底限流（Redis 故障时 fail-close）。
 - 推荐将 WAF/CDN 作为第一层防护，服务端限流与响应读取上限作为第二层兜底；两层同时保留，避免旁路流量与误配置风险。
 **⚠️ 安全警告：HTTP URL 配置**
 当 `security.url_allowlist.enabled=false` 时，系统默认执行最小 URL 校验，**拒绝 HTTP URL**，仅允许 HTTPS。要允许 HTTP URL（例如用于开发或内网测试），必须显式设置：
@@ -358,6 +465,29 @@ Invalid base URL: invalid url scheme: http
 ./sub2api
 ```
 #### HTTP/2 (h2c) 与 HTTP/1.1 回退
 后端明文端口默认支持 h2c，并保留 HTTP/1.1 回退用于 WebSocket 与旧客户端。浏览器通常不支持 h2c，性能收益主要在反向代理或内网链路。
 **反向代理示例（Caddy）：**
 ```caddyfile
 transport http {
 	versions h2c h1
 }
 ```
 **验证：**
 ```bash
 # h2c prior knowledge
 curl --http2-prior-knowledge -I http://localhost:8080/health
 # HTTP/1.1 回退
 curl --http1.1 -I http://localhost:8080/health
 # WebSocket 回退验证（需管理员 token）
 websocat -H="Sec-WebSocket-Protocol: sub2api-admin, jwt.<ADMIN_TOKEN>" ws://localhost:8080/api/v1/admin/ops/ws/qps
 ```
 #### 开发模式
 ```bash
--- a/backend/.gosec.json
+++ b/backend/.gosec.json
@@ -0,0 +1,5 @@
 {
  "global": {
    "exclude": "G704"
  }
 }
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.25.5-alpine
+FROM golang:1.25.7-alpine
 WORKDIR /app
@@ -15,7 +15,7 @@ RUN go mod download
 COPY . .
 # 构建应用
-RUN go build -o main cmd/server/main.go
+RUN go build -o main ./cmd/server/
 # 暴露端口
 EXPOSE 8080
--- a/backend/Makefile
+++ b/backend/Makefile
@@ -14,4 +14,7 @@ test-integration:
 	go test -tags=integration ./...
 test-e2e:
-	go test -tags=e2e ./...
+	./scripts/e2e-test.sh
 test-e2e-local:
 	go test -tags=e2e -v -timeout=300s ./internal/integration/...
--- a/backend/cmd/jwtgen/main.go
+++ b/backend/cmd/jwtgen/main.go
@@ -17,7 +17,7 @@ func main() {
 	email := flag.String("email", "", "Admin email to issue a JWT for (defaults to first active admin)")
 	flag.Parse()
-	cfg, err := config.Load()
+	cfg, err := config.LoadForBootstrap()
 	if err != nil {
 		log.Fatalf("failed to load config: %v", err)
 	}
@@ -33,7 +33,7 @@ func main() {
 	}()
 	userRepo := repository.NewUserRepository(client, sqlDB)
-	authService := service.NewAuthService(userRepo, cfg, nil, nil, nil, nil, nil)
+	authService := service.NewAuthService(userRepo, nil, nil, cfg, nil, nil, nil, nil, nil)
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
--- a/backend/cmd/server/VERSION
+++ b/backend/cmd/server/VERSION
@@ -1 +1 @@
-0.1.61
+0.1.85
--- a/backend/cmd/server/main.go
+++ b/backend/cmd/server/main.go
@@ -8,7 +8,6 @@ import (
 	"errors"
 	"flag"
 	"log"
 	"log/slog"
 	"net/http"
 	"os"
 	"os/signal"
@@ -19,11 +18,14 @@ import (
 	_ "github.com/Wei-Shaw/sub2api/ent/runtime"
 	"github.com/Wei-Shaw/sub2api/internal/config"
 	"github.com/Wei-Shaw/sub2api/internal/handler"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/logger"
 	"github.com/Wei-Shaw/sub2api/internal/server/middleware"
 	"github.com/Wei-Shaw/sub2api/internal/setup"
 	"github.com/Wei-Shaw/sub2api/internal/web"
 	"github.com/gin-gonic/gin"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/h2c"
 )
 //go:embed VERSION
@@ -38,7 +40,12 @@ var (
 )
 func init() {
-	// Read version from embedded VERSION file
+	// 如果 Version 已通过 ldflags 注入（例如 -X main.Version=...），则不要覆盖。
 	if strings.TrimSpace(Version) != "" {
 		return
 	}
 	// 默认从 embedded VERSION 文件读取版本号（编译期打包进二进制）。
 	Version = strings.TrimSpace(embeddedVersion)
 	if Version == "" {
 		Version = "0.0.0-dev"
@@ -47,22 +54,9 @@ func init() {
 // initLogger configures the default slog handler based on gin.Mode().
 // In non-release mode, Debug level logs are enabled.
 func initLogger() {
 	var level slog.Level
 	if gin.Mode() == gin.ReleaseMode {
 		level = slog.LevelInfo
 	} else {
 		level = slog.LevelDebug
 	}
 	handler := slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{
 		Level: level,
 	})
 	slog.SetDefault(slog.New(handler))
 }
 func main() {
-	// Initialize slog logger based on gin mode
+	logger.InitBootstrap()
-	initLogger()
+	defer logger.Sync()
 	// Parse command line flags
 	setupMode := flag.Bool("setup", false, "Run setup wizard in CLI mode")
@@ -122,16 +116,26 @@ func runSetupServer() {
 	log.Printf("Setup wizard available at http://%s", addr)
 	log.Println("Complete the setup wizard to configure Sub2API")
-	if err := r.Run(addr); err != nil {
+	server := &http.Server{
 		Addr:              addr,
 		Handler:           h2c.NewHandler(r, &http2.Server{}),
 		ReadHeaderTimeout: 30 * time.Second,
 		IdleTimeout:       120 * time.Second,
 	}
 	if err := server.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
 		log.Fatalf("Failed to start setup server: %v", err)
 	}
 }
 func runMainServer() {
-	cfg, err := config.Load()
+	cfg, err := config.LoadForBootstrap()
 	if err != nil {
 		log.Fatalf("Failed to load config: %v", err)
 	}
 	if err := logger.Init(logger.OptionsFromConfig(cfg.Log)); err != nil {
 		log.Fatalf("Failed to initialize logger: %v", err)
 	}
 	if cfg.RunMode == config.RunModeSimple {
 		log.Println("⚠️  WARNING: Running in SIMPLE mode - billing and quota checks are DISABLED")
 	}
--- a/backend/cmd/server/wire.go
+++ b/backend/cmd/server/wire.go
@@ -67,14 +67,19 @@ func provideCleanup(
 	opsAlertEvaluator *service.OpsAlertEvaluatorService,
 	opsCleanup *service.OpsCleanupService,
 	opsScheduledReport *service.OpsScheduledReportService,
 	opsSystemLogSink *service.OpsSystemLogSink,
 	soraMediaCleanup *service.SoraMediaCleanupService,
 	schedulerSnapshot *service.SchedulerSnapshotService,
 	tokenRefresh *service.TokenRefreshService,
 	accountExpiry *service.AccountExpiryService,
 	subscriptionExpiry *service.SubscriptionExpiryService,
 	usageCleanup *service.UsageCleanupService,
 	idempotencyCleanup *service.IdempotencyCleanupService,
 	pricing *service.PricingService,
 	emailQueue *service.EmailQueueService,
 	billingCache *service.BillingCacheService,
 	usageRecordWorkerPool *service.UsageRecordWorkerPool,
 	subscriptionService *service.SubscriptionService,
 	oauth *service.OAuthService,
 	openaiOAuth *service.OpenAIOAuthService,
 	geminiOAuth *service.GeminiOAuthService,
@@ -101,6 +106,18 @@ func provideCleanup(
 				}
 				return nil
 			}},
 			{"OpsSystemLogSink", func() error {
 				if opsSystemLogSink != nil {
 					opsSystemLogSink.Stop()
 				}
 				return nil
 			}},
 			{"SoraMediaCleanupService", func() error {
 				if soraMediaCleanup != nil {
 					soraMediaCleanup.Stop()
 				}
 				return nil
 			}},
 			{"OpsAlertEvaluatorService", func() error {
 				if opsAlertEvaluator != nil {
 					opsAlertEvaluator.Stop()
@@ -131,6 +148,12 @@ func provideCleanup(
 				}
 				return nil
 			}},
 			{"IdempotencyCleanupService", func() error {
 				if idempotencyCleanup != nil {
 					idempotencyCleanup.Stop()
 				}
 				return nil
 			}},
 			{"TokenRefreshService", func() error {
 				tokenRefresh.Stop()
 				return nil
@@ -143,6 +166,12 @@ func provideCleanup(
 				subscriptionExpiry.Stop()
 				return nil
 			}},
 			{"SubscriptionService", func() error {
 				if subscriptionService != nil {
 					subscriptionService.Stop()
 				}
 				return nil
 			}},
 			{"PricingService", func() error {
 				pricing.Stop()
 				return nil
@@ -155,6 +184,12 @@ func provideCleanup(
 				billingCache.Stop()
 				return nil
 			}},
 			{"UsageRecordWorkerPool", func() error {
 				if usageRecordWorkerPool != nil {
 					usageRecordWorkerPool.Stop()
 				}
 				return nil
 			}},
 			{"OAuthService", func() error {
 				oauth.Stop()
 				return nil
--- a/backend/cmd/server/wire_gen.go
+++ b/backend/cmd/server/wire_gen.go
@@ -43,9 +43,11 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 		return nil, err
 	}
 	userRepository := repository.NewUserRepository(client, db)
 	redeemCodeRepository := repository.NewRedeemCodeRepository(client)
 	redisClient := repository.ProvideRedis(configConfig)
 	refreshTokenCache := repository.NewRefreshTokenCache(redisClient)
 	settingRepository := repository.NewSettingRepository(client)
 	settingService := service.NewSettingService(settingRepository, configConfig)
 	redisClient := repository.ProvideRedis(configConfig)
 	emailCache := repository.NewEmailCache(redisClient)
 	emailService := service.NewEmailService(settingRepository, emailCache)
 	turnstileVerifier := repository.NewTurnstileVerifier()
@@ -57,30 +59,34 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	billingCacheService := service.NewBillingCacheService(billingCache, userRepository, userSubscriptionRepository, configConfig)
 	apiKeyRepository := repository.NewAPIKeyRepository(client)
 	groupRepository := repository.NewGroupRepository(client, db)
 	userGroupRateRepository := repository.NewUserGroupRateRepository(db)
 	apiKeyCache := repository.NewAPIKeyCache(redisClient)
-	apiKeyService := service.NewAPIKeyService(apiKeyRepository, userRepository, groupRepository, userSubscriptionRepository, apiKeyCache, configConfig)
+	apiKeyService := service.NewAPIKeyService(apiKeyRepository, userRepository, groupRepository, userSubscriptionRepository, userGroupRateRepository, apiKeyCache, configConfig)
 	apiKeyAuthCacheInvalidator := service.ProvideAPIKeyAuthCacheInvalidator(apiKeyService)
 	promoService := service.NewPromoService(promoCodeRepository, userRepository, billingCacheService, client, apiKeyAuthCacheInvalidator)
-	authService := service.NewAuthService(userRepository, configConfig, settingService, emailService, turnstileService, emailQueueService, promoService)
+	authService := service.NewAuthService(userRepository, redeemCodeRepository, refreshTokenCache, configConfig, settingService, emailService, turnstileService, emailQueueService, promoService)
-	userService := service.NewUserService(userRepository, apiKeyAuthCacheInvalidator)
+	userService := service.NewUserService(userRepository, apiKeyAuthCacheInvalidator, billingCache)
 	subscriptionService := service.NewSubscriptionService(groupRepository, userSubscriptionRepository, billingCacheService, client, configConfig)
 	redeemCache := repository.NewRedeemCache(redisClient)
 	redeemService := service.NewRedeemService(redeemCodeRepository, userRepository, subscriptionService, redeemCache, billingCacheService, client, apiKeyAuthCacheInvalidator)
 	secretEncryptor, err := repository.NewAESEncryptor(configConfig)
 	if err != nil {
 		return nil, err
 	}
 	totpCache := repository.NewTotpCache(redisClient)
 	totpService := service.NewTotpService(userRepository, secretEncryptor, totpCache, settingService, emailService, emailQueueService)
-	authHandler := handler.NewAuthHandler(configConfig, authService, userService, settingService, promoService, totpService)
+	authHandler := handler.NewAuthHandler(configConfig, authService, userService, settingService, promoService, redeemService, totpService)
 	userHandler := handler.NewUserHandler(userService)
 	apiKeyHandler := handler.NewAPIKeyHandler(apiKeyService)
 	usageLogRepository := repository.NewUsageLogRepository(client, db)
 	usageService := service.NewUsageService(usageLogRepository, userRepository, client, apiKeyAuthCacheInvalidator)
 	usageHandler := handler.NewUsageHandler(usageService, apiKeyService)
 	redeemCodeRepository := repository.NewRedeemCodeRepository(client)
 	subscriptionService := service.NewSubscriptionService(groupRepository, userSubscriptionRepository, billingCacheService)
 	redeemCache := repository.NewRedeemCache(redisClient)
 	redeemService := service.NewRedeemService(redeemCodeRepository, userRepository, subscriptionService, redeemCache, billingCacheService, client, apiKeyAuthCacheInvalidator)
 	redeemHandler := handler.NewRedeemHandler(redeemService)
 	subscriptionHandler := handler.NewSubscriptionHandler(subscriptionService)
 	announcementRepository := repository.NewAnnouncementRepository(client)
 	announcementReadRepository := repository.NewAnnouncementReadRepository(client)
 	announcementService := service.NewAnnouncementService(announcementRepository, announcementReadRepository, userRepository, userSubscriptionRepository)
 	announcementHandler := handler.NewAnnouncementHandler(announcementService)
 	dashboardAggregationRepository := repository.NewDashboardAggregationRepository(db)
 	dashboardStatsCache := repository.NewDashboardCache(redisClient, configConfig)
 	dashboardService := service.NewDashboardService(usageLogRepository, dashboardAggregationRepository, dashboardStatsCache, configConfig)
@@ -92,11 +98,14 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	dashboardHandler := admin.NewDashboardHandler(dashboardService, dashboardAggregationService)
 	schedulerCache := repository.NewSchedulerCache(redisClient)
 	accountRepository := repository.NewAccountRepository(client, db, schedulerCache)
 	soraAccountRepository := repository.NewSoraAccountRepository(db)
 	proxyRepository := repository.NewProxyRepository(client, db)
 	proxyExitInfoProber := repository.NewProxyExitInfoProber(configConfig)
 	proxyLatencyCache := repository.NewProxyLatencyCache(redisClient)
-	adminService := service.NewAdminService(userRepository, groupRepository, accountRepository, proxyRepository, apiKeyRepository, redeemCodeRepository, billingCacheService, proxyExitInfoProber, proxyLatencyCache, apiKeyAuthCacheInvalidator)
+	adminService := service.NewAdminService(userRepository, groupRepository, accountRepository, soraAccountRepository, proxyRepository, apiKeyRepository, redeemCodeRepository, userGroupRateRepository, billingCacheService, proxyExitInfoProber, proxyLatencyCache, apiKeyAuthCacheInvalidator)
-	adminUserHandler := admin.NewUserHandler(adminService)
+	concurrencyCache := repository.ProvideConcurrencyCache(redisClient, configConfig)
 	concurrencyService := service.ProvideConcurrencyService(concurrencyCache, accountRepository, configConfig)
 	adminUserHandler := admin.NewUserHandler(adminService, concurrencyService)
 	groupHandler := admin.NewGroupHandler(adminService)
 	claudeOAuthClient := repository.NewClaudeOAuthClient()
 	oAuthService := service.NewOAuthService(proxyRepository, claudeOAuthClient)
@@ -104,7 +113,8 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	openAIOAuthService := service.NewOpenAIOAuthService(proxyRepository, openAIOAuthClient)
 	geminiOAuthClient := repository.NewGeminiOAuthClient(configConfig)
 	geminiCliCodeAssistClient := repository.NewGeminiCliCodeAssistClient()
-	geminiOAuthService := service.NewGeminiOAuthService(proxyRepository, geminiOAuthClient, geminiCliCodeAssistClient, configConfig)
+	driveClient := repository.NewGeminiDriveClient()
 	geminiOAuthService := service.NewGeminiOAuthService(proxyRepository, geminiOAuthClient, geminiCliCodeAssistClient, driveClient, configConfig)
 	antigravityOAuthService := service.NewAntigravityOAuthService(proxyRepository)
 	geminiQuotaService := service.NewGeminiQuotaService(configConfig, settingRepository)
 	tempUnschedCache := repository.NewTempUnschedCache(redisClient)
@@ -120,14 +130,15 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	accountUsageService := service.NewAccountUsageService(accountRepository, usageLogRepository, claudeUsageFetcher, geminiQuotaService, antigravityQuotaFetcher, usageCache, identityCache)
 	geminiTokenProvider := service.NewGeminiTokenProvider(accountRepository, geminiTokenCache, geminiOAuthService)
 	gatewayCache := repository.NewGatewayCache(redisClient)
 	schedulerOutboxRepository := repository.NewSchedulerOutboxRepository(db)
 	schedulerSnapshotService := service.ProvideSchedulerSnapshotService(schedulerCache, schedulerOutboxRepository, accountRepository, groupRepository, configConfig)
 	antigravityTokenProvider := service.NewAntigravityTokenProvider(accountRepository, geminiTokenCache, antigravityOAuthService)
-	antigravityGatewayService := service.NewAntigravityGatewayService(accountRepository, gatewayCache, antigravityTokenProvider, rateLimitService, httpUpstream, settingService)
+	antigravityGatewayService := service.NewAntigravityGatewayService(accountRepository, gatewayCache, schedulerSnapshotService, antigravityTokenProvider, rateLimitService, httpUpstream, settingService)
 	accountTestService := service.NewAccountTestService(accountRepository, geminiTokenProvider, antigravityGatewayService, httpUpstream, configConfig)
 	concurrencyCache := repository.ProvideConcurrencyCache(redisClient, configConfig)
 	concurrencyService := service.ProvideConcurrencyService(concurrencyCache, accountRepository, configConfig)
 	crsSyncService := service.NewCRSSyncService(accountRepository, proxyRepository, oAuthService, openAIOAuthService, geminiOAuthService, configConfig)
 	sessionLimitCache := repository.ProvideSessionLimitCache(redisClient, configConfig)
 	accountHandler := admin.NewAccountHandler(adminService, oAuthService, openAIOAuthService, geminiOAuthService, antigravityOAuthService, rateLimitService, accountUsageService, accountTestService, concurrencyService, crsSyncService, sessionLimitCache, compositeTokenCacheInvalidator)
 	adminAnnouncementHandler := admin.NewAnnouncementHandler(announcementService)
 	oAuthHandler := admin.NewOAuthHandler(oAuthService)
 	openAIOAuthHandler := admin.NewOpenAIOAuthHandler(openAIOAuthService, adminService)
 	geminiOAuthHandler := admin.NewGeminiOAuthHandler(geminiOAuthService)
@@ -136,8 +147,6 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	adminRedeemHandler := admin.NewRedeemHandler(adminService)
 	promoHandler := admin.NewPromoHandler(promoService)
 	opsRepository := repository.NewOpsRepository(db)
 	schedulerOutboxRepository := repository.NewSchedulerOutboxRepository(db)
 	schedulerSnapshotService := service.ProvideSchedulerSnapshotService(schedulerCache, schedulerOutboxRepository, accountRepository, groupRepository, configConfig)
 	pricingRemoteClient := repository.ProvidePricingRemoteClient(configConfig)
 	pricingService, err := service.ProvidePricingService(configConfig, pricingRemoteClient)
 	if err != nil {
@@ -147,18 +156,22 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	identityService := service.NewIdentityService(identityCache)
 	deferredService := service.ProvideDeferredService(accountRepository, timingWheelService)
 	claudeTokenProvider := service.NewClaudeTokenProvider(accountRepository, geminiTokenCache, oAuthService)
-	gatewayService := service.NewGatewayService(accountRepository, groupRepository, usageLogRepository, userRepository, userSubscriptionRepository, gatewayCache, configConfig, schedulerSnapshotService, concurrencyService, billingService, rateLimitService, billingCacheService, identityService, httpUpstream, deferredService, claudeTokenProvider, sessionLimitCache)
+	digestSessionStore := service.NewDigestSessionStore()
 	gatewayService := service.NewGatewayService(accountRepository, groupRepository, usageLogRepository, userRepository, userSubscriptionRepository, userGroupRateRepository, gatewayCache, configConfig, schedulerSnapshotService, concurrencyService, billingService, rateLimitService, billingCacheService, identityService, httpUpstream, deferredService, claudeTokenProvider, sessionLimitCache, digestSessionStore)
 	openAITokenProvider := service.NewOpenAITokenProvider(accountRepository, geminiTokenCache, openAIOAuthService)
 	openAIGatewayService := service.NewOpenAIGatewayService(accountRepository, usageLogRepository, userRepository, userSubscriptionRepository, gatewayCache, configConfig, schedulerSnapshotService, concurrencyService, billingService, rateLimitService, billingCacheService, httpUpstream, deferredService, openAITokenProvider)
 	geminiMessagesCompatService := service.NewGeminiMessagesCompatService(accountRepository, groupRepository, gatewayCache, schedulerSnapshotService, geminiTokenProvider, rateLimitService, httpUpstream, antigravityGatewayService, configConfig)
-	opsService := service.NewOpsService(opsRepository, settingRepository, configConfig, accountRepository, concurrencyService, gatewayService, openAIGatewayService, geminiMessagesCompatService, antigravityGatewayService)
+	opsSystemLogSink := service.ProvideOpsSystemLogSink(opsRepository)
 	opsService := service.NewOpsService(opsRepository, settingRepository, configConfig, accountRepository, userRepository, concurrencyService, gatewayService, openAIGatewayService, geminiMessagesCompatService, antigravityGatewayService, opsSystemLogSink)
 	settingHandler := admin.NewSettingHandler(settingService, emailService, turnstileService, opsService)
 	opsHandler := admin.NewOpsHandler(opsService)
 	updateCache := repository.NewUpdateCache(redisClient)
 	gitHubReleaseClient := repository.ProvideGitHubReleaseClient(configConfig)
 	serviceBuildInfo := provideServiceBuildInfo(buildInfo)
 	updateService := service.ProvideUpdateService(updateCache, gitHubReleaseClient, serviceBuildInfo)
-	systemHandler := handler.ProvideSystemHandler(updateService)
+	idempotencyRepository := repository.NewIdempotencyRepository(client, db)
 	systemOperationLockService := service.ProvideSystemOperationLockService(idempotencyRepository, configConfig)
 	systemHandler := handler.ProvideSystemHandler(updateService, systemOperationLockService)
 	adminSubscriptionHandler := admin.NewSubscriptionHandler(subscriptionService)
 	usageCleanupRepository := repository.NewUsageCleanupRepository(client, db)
 	usageCleanupService := service.ProvideUsageCleanupService(usageCleanupRepository, timingWheelService, dashboardAggregationService, configConfig)
@@ -167,12 +180,23 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	userAttributeValueRepository := repository.NewUserAttributeValueRepository(client)
 	userAttributeService := service.NewUserAttributeService(userAttributeDefinitionRepository, userAttributeValueRepository)
 	userAttributeHandler := admin.NewUserAttributeHandler(userAttributeService)
-	adminHandlers := handler.ProvideAdminHandlers(dashboardHandler, adminUserHandler, groupHandler, accountHandler, oAuthHandler, openAIOAuthHandler, geminiOAuthHandler, antigravityOAuthHandler, proxyHandler, adminRedeemHandler, promoHandler, settingHandler, opsHandler, systemHandler, adminSubscriptionHandler, adminUsageHandler, userAttributeHandler)
+	errorPassthroughRepository := repository.NewErrorPassthroughRepository(client)
-	gatewayHandler := handler.NewGatewayHandler(gatewayService, geminiMessagesCompatService, antigravityGatewayService, userService, concurrencyService, billingCacheService, configConfig)
+	errorPassthroughCache := repository.NewErrorPassthroughCache(redisClient)
-	openAIGatewayHandler := handler.NewOpenAIGatewayHandler(openAIGatewayService, concurrencyService, billingCacheService, configConfig)
+	errorPassthroughService := service.NewErrorPassthroughService(errorPassthroughRepository, errorPassthroughCache)
 	errorPassthroughHandler := admin.NewErrorPassthroughHandler(errorPassthroughService)
 	adminHandlers := handler.ProvideAdminHandlers(dashboardHandler, adminUserHandler, groupHandler, accountHandler, adminAnnouncementHandler, oAuthHandler, openAIOAuthHandler, geminiOAuthHandler, antigravityOAuthHandler, proxyHandler, adminRedeemHandler, promoHandler, settingHandler, opsHandler, systemHandler, adminSubscriptionHandler, adminUsageHandler, userAttributeHandler, errorPassthroughHandler)
 	usageRecordWorkerPool := service.NewUsageRecordWorkerPool(configConfig)
 	gatewayHandler := handler.NewGatewayHandler(gatewayService, geminiMessagesCompatService, antigravityGatewayService, userService, concurrencyService, billingCacheService, usageService, apiKeyService, usageRecordWorkerPool, errorPassthroughService, configConfig)
 	openAIGatewayHandler := handler.NewOpenAIGatewayHandler(openAIGatewayService, concurrencyService, billingCacheService, apiKeyService, usageRecordWorkerPool, errorPassthroughService, configConfig)
 	soraSDKClient := service.ProvideSoraSDKClient(configConfig, httpUpstream, openAITokenProvider, accountRepository, soraAccountRepository)
 	soraMediaStorage := service.ProvideSoraMediaStorage(configConfig)
 	soraGatewayService := service.NewSoraGatewayService(soraSDKClient, soraMediaStorage, rateLimitService, configConfig)
 	soraGatewayHandler := handler.NewSoraGatewayHandler(gatewayService, soraGatewayService, concurrencyService, billingCacheService, usageRecordWorkerPool, configConfig)
 	handlerSettingHandler := handler.ProvideSettingHandler(settingService, buildInfo)
 	totpHandler := handler.NewTotpHandler(totpService)
-	handlers := handler.ProvideHandlers(authHandler, userHandler, apiKeyHandler, usageHandler, redeemHandler, subscriptionHandler, adminHandlers, gatewayHandler, openAIGatewayHandler, handlerSettingHandler, totpHandler)
+	idempotencyCoordinator := service.ProvideIdempotencyCoordinator(idempotencyRepository, configConfig)
 	idempotencyCleanupService := service.ProvideIdempotencyCleanupService(idempotencyRepository, configConfig)
 	handlers := handler.ProvideHandlers(authHandler, userHandler, apiKeyHandler, usageHandler, redeemHandler, subscriptionHandler, announcementHandler, adminHandlers, gatewayHandler, openAIGatewayHandler, soraGatewayHandler, handlerSettingHandler, totpHandler, idempotencyCoordinator, idempotencyCleanupService)
 	jwtAuthMiddleware := middleware.NewJWTAuthMiddleware(authService, userService)
 	adminAuthMiddleware := middleware.NewAdminAuthMiddleware(authService, userService, settingService)
 	apiKeyAuthMiddleware := middleware.NewAPIKeyAuthMiddleware(apiKeyService, subscriptionService, configConfig)
@@ -183,10 +207,11 @@ func initializeApplication(buildInfo handler.BuildInfo) (*Application, error) {
 	opsAlertEvaluatorService := service.ProvideOpsAlertEvaluatorService(opsService, opsRepository, emailService, redisClient, configConfig)
 	opsCleanupService := service.ProvideOpsCleanupService(opsRepository, db, redisClient, configConfig)
 	opsScheduledReportService := service.ProvideOpsScheduledReportService(opsService, userService, emailService, redisClient, configConfig)
-	tokenRefreshService := service.ProvideTokenRefreshService(accountRepository, oAuthService, openAIOAuthService, geminiOAuthService, antigravityOAuthService, compositeTokenCacheInvalidator, configConfig)
+	soraMediaCleanupService := service.ProvideSoraMediaCleanupService(soraMediaStorage, configConfig)
 	tokenRefreshService := service.ProvideTokenRefreshService(accountRepository, soraAccountRepository, oAuthService, openAIOAuthService, geminiOAuthService, antigravityOAuthService, compositeTokenCacheInvalidator, schedulerCache, configConfig)
 	accountExpiryService := service.ProvideAccountExpiryService(accountRepository)
 	subscriptionExpiryService := service.ProvideSubscriptionExpiryService(userSubscriptionRepository)
-	v := provideCleanup(client, redisClient, opsMetricsCollector, opsAggregationService, opsAlertEvaluatorService, opsCleanupService, opsScheduledReportService, schedulerSnapshotService, tokenRefreshService, accountExpiryService, subscriptionExpiryService, usageCleanupService, pricingService, emailQueueService, billingCacheService, oAuthService, openAIOAuthService, geminiOAuthService, antigravityOAuthService)
+	v := provideCleanup(client, redisClient, opsMetricsCollector, opsAggregationService, opsAlertEvaluatorService, opsCleanupService, opsScheduledReportService, opsSystemLogSink, soraMediaCleanupService, schedulerSnapshotService, tokenRefreshService, accountExpiryService, subscriptionExpiryService, usageCleanupService, idempotencyCleanupService, pricingService, emailQueueService, billingCacheService, usageRecordWorkerPool, subscriptionService, oAuthService, openAIOAuthService, geminiOAuthService, antigravityOAuthService)
 	application := &Application{
 		Server:  httpServer,
 		Cleanup: v,
@@ -216,14 +241,19 @@ func provideCleanup(
 	opsAlertEvaluator *service.OpsAlertEvaluatorService,
 	opsCleanup *service.OpsCleanupService,
 	opsScheduledReport *service.OpsScheduledReportService,
 	opsSystemLogSink *service.OpsSystemLogSink,
 	soraMediaCleanup *service.SoraMediaCleanupService,
 	schedulerSnapshot *service.SchedulerSnapshotService,
 	tokenRefresh *service.TokenRefreshService,
 	accountExpiry *service.AccountExpiryService,
 	subscriptionExpiry *service.SubscriptionExpiryService,
 	usageCleanup *service.UsageCleanupService,
 	idempotencyCleanup *service.IdempotencyCleanupService,
 	pricing *service.PricingService,
 	emailQueue *service.EmailQueueService,
 	billingCache *service.BillingCacheService,
 	usageRecordWorkerPool *service.UsageRecordWorkerPool,
 	subscriptionService *service.SubscriptionService,
 	oauth *service.OAuthService,
 	openaiOAuth *service.OpenAIOAuthService,
 	geminiOAuth *service.GeminiOAuthService,
@@ -249,6 +279,18 @@ func provideCleanup(
 				}
 				return nil
 			}},
 			{"OpsSystemLogSink", func() error {
 				if opsSystemLogSink != nil {
 					opsSystemLogSink.Stop()
 				}
 				return nil
 			}},
 			{"SoraMediaCleanupService", func() error {
 				if soraMediaCleanup != nil {
 					soraMediaCleanup.Stop()
 				}
 				return nil
 			}},
 			{"OpsAlertEvaluatorService", func() error {
 				if opsAlertEvaluator != nil {
 					opsAlertEvaluator.Stop()
@@ -279,6 +321,12 @@ func provideCleanup(
 				}
 				return nil
 			}},
 			{"IdempotencyCleanupService", func() error {
 				if idempotencyCleanup != nil {
 					idempotencyCleanup.Stop()
 				}
 				return nil
 			}},
 			{"TokenRefreshService", func() error {
 				tokenRefresh.Stop()
 				return nil
@@ -291,6 +339,12 @@ func provideCleanup(
 				subscriptionExpiry.Stop()
 				return nil
 			}},
 			{"SubscriptionService", func() error {
 				if subscriptionService != nil {
 					subscriptionService.Stop()
 				}
 				return nil
 			}},
 			{"PricingService", func() error {
 				pricing.Stop()
 				return nil
@@ -303,6 +357,12 @@ func provideCleanup(
 				billingCache.Stop()
 				return nil
 			}},
 			{"UsageRecordWorkerPool", func() error {
 				if usageRecordWorkerPool != nil {
 					usageRecordWorkerPool.Stop()
 				}
 				return nil
 			}},
 			{"OAuthService", func() error {
 				oauth.Stop()
 				return nil
--- a/backend/ent/announcement.go
+++ b/backend/ent/announcement.go
@@ -0,0 +1,249 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"encoding/json"
 	"fmt"
 	"strings"
 	"time"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect/sql"
 	"github.com/Wei-Shaw/sub2api/ent/announcement"
 	"github.com/Wei-Shaw/sub2api/internal/domain"
 )
 // Announcement is the model entity for the Announcement schema.
 type Announcement struct {
 	config `json:"-"`
 	// ID of the ent.
 	ID int64 `json:"id,omitempty"`
 	// 公告标题
 	Title string `json:"title,omitempty"`
 	// 公告内容（支持 Markdown）
 	Content string `json:"content,omitempty"`
 	// 状态: draft, active, archived
 	Status string `json:"status,omitempty"`
 	// 展示条件（JSON 规则）
 	Targeting domain.AnnouncementTargeting `json:"targeting,omitempty"`
 	// 开始展示时间（为空表示立即生效）
 	StartsAt *time.Time `json:"starts_at,omitempty"`
 	// 结束展示时间（为空表示永久生效）
 	EndsAt *time.Time `json:"ends_at,omitempty"`
 	// 创建人用户ID（管理员）
 	CreatedBy *int64 `json:"created_by,omitempty"`
 	// 更新人用户ID（管理员）
 	UpdatedBy *int64 `json:"updated_by,omitempty"`
 	// CreatedAt holds the value of the "created_at" field.
 	CreatedAt time.Time `json:"created_at,omitempty"`
 	// UpdatedAt holds the value of the "updated_at" field.
 	UpdatedAt time.Time `json:"updated_at,omitempty"`
 	// Edges holds the relations/edges for other nodes in the graph.
 	// The values are being populated by the AnnouncementQuery when eager-loading is set.
 	Edges        AnnouncementEdges `json:"edges"`
 	selectValues sql.SelectValues
 }
 // AnnouncementEdges holds the relations/edges for other nodes in the graph.
 type AnnouncementEdges struct {
 	// Reads holds the value of the reads edge.
 	Reads []*AnnouncementRead `json:"reads,omitempty"`
 	// loadedTypes holds the information for reporting if a
 	// type was loaded (or requested) in eager-loading or not.
 	loadedTypes [1]bool
 }
 // ReadsOrErr returns the Reads value or an error if the edge
 // was not loaded in eager-loading.
 func (e AnnouncementEdges) ReadsOrErr() ([]*AnnouncementRead, error) {
 	if e.loadedTypes[0] {
 		return e.Reads, nil
 	}
 	return nil, &NotLoadedError{edge: "reads"}
 }
 // scanValues returns the types for scanning values from sql.Rows.
 func (*Announcement) scanValues(columns []string) ([]any, error) {
 	values := make([]any, len(columns))
 	for i := range columns {
 		switch columns[i] {
 		case announcement.FieldTargeting:
 			values[i] = new([]byte)
 		case announcement.FieldID, announcement.FieldCreatedBy, announcement.FieldUpdatedBy:
 			values[i] = new(sql.NullInt64)
 		case announcement.FieldTitle, announcement.FieldContent, announcement.FieldStatus:
 			values[i] = new(sql.NullString)
 		case announcement.FieldStartsAt, announcement.FieldEndsAt, announcement.FieldCreatedAt, announcement.FieldUpdatedAt:
 			values[i] = new(sql.NullTime)
 		default:
 			values[i] = new(sql.UnknownType)
 		}
 	}
 	return values, nil
 }
 // assignValues assigns the values that were returned from sql.Rows (after scanning)
 // to the Announcement fields.
 func (_m *Announcement) assignValues(columns []string, values []any) error {
 	if m, n := len(values), len(columns); m < n {
 		return fmt.Errorf("mismatch number of scan values: %d != %d", m, n)
 	}
 	for i := range columns {
 		switch columns[i] {
 		case announcement.FieldID:
 			value, ok := values[i].(*sql.NullInt64)
 			if !ok {
 				return fmt.Errorf("unexpected type %T for field id", value)
 			}
 			_m.ID = int64(value.Int64)
 		case announcement.FieldTitle:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field title", values[i])
 			} else if value.Valid {
 				_m.Title = value.String
 			}
 		case announcement.FieldContent:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field content", values[i])
 			} else if value.Valid {
 				_m.Content = value.String
 			}
 		case announcement.FieldStatus:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field status", values[i])
 			} else if value.Valid {
 				_m.Status = value.String
 			}
 		case announcement.FieldTargeting:
 			if value, ok := values[i].(*[]byte); !ok {
 				return fmt.Errorf("unexpected type %T for field targeting", values[i])
 			} else if value != nil && len(*value) > 0 {
 				if err := json.Unmarshal(*value, &_m.Targeting); err != nil {
 					return fmt.Errorf("unmarshal field targeting: %w", err)
 				}
 			}
 		case announcement.FieldStartsAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field starts_at", values[i])
 			} else if value.Valid {
 				_m.StartsAt = new(time.Time)
 				*_m.StartsAt = value.Time
 			}
 		case announcement.FieldEndsAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field ends_at", values[i])
 			} else if value.Valid {
 				_m.EndsAt = new(time.Time)
 				*_m.EndsAt = value.Time
 			}
 		case announcement.FieldCreatedBy:
 			if value, ok := values[i].(*sql.NullInt64); !ok {
 				return fmt.Errorf("unexpected type %T for field created_by", values[i])
 			} else if value.Valid {
 				_m.CreatedBy = new(int64)
 				*_m.CreatedBy = value.Int64
 			}
 		case announcement.FieldUpdatedBy:
 			if value, ok := values[i].(*sql.NullInt64); !ok {
 				return fmt.Errorf("unexpected type %T for field updated_by", values[i])
 			} else if value.Valid {
 				_m.UpdatedBy = new(int64)
 				*_m.UpdatedBy = value.Int64
 			}
 		case announcement.FieldCreatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field created_at", values[i])
 			} else if value.Valid {
 				_m.CreatedAt = value.Time
 			}
 		case announcement.FieldUpdatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field updated_at", values[i])
 			} else if value.Valid {
 				_m.UpdatedAt = value.Time
 			}
 		default:
 			_m.selectValues.Set(columns[i], values[i])
 		}
 	}
 	return nil
 }
 // Value returns the ent.Value that was dynamically selected and assigned to the Announcement.
 // This includes values selected through modifiers, order, etc.
 func (_m *Announcement) Value(name string) (ent.Value, error) {
 	return _m.selectValues.Get(name)
 }
 // QueryReads queries the "reads" edge of the Announcement entity.
 func (_m *Announcement) QueryReads() *AnnouncementReadQuery {
 	return NewAnnouncementClient(_m.config).QueryReads(_m)
 }
 // Update returns a builder for updating this Announcement.
 // Note that you need to call Announcement.Unwrap() before calling this method if this Announcement
 // was returned from a transaction, and the transaction was committed or rolled back.
 func (_m *Announcement) Update() *AnnouncementUpdateOne {
 	return NewAnnouncementClient(_m.config).UpdateOne(_m)
 }
 // Unwrap unwraps the Announcement entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
 func (_m *Announcement) Unwrap() *Announcement {
 	_tx, ok := _m.config.driver.(*txDriver)
 	if !ok {
 		panic("ent: Announcement is not a transactional entity")
 	}
 	_m.config.driver = _tx.drv
 	return _m
 }
 // String implements the fmt.Stringer.
 func (_m *Announcement) String() string {
 	var builder strings.Builder
 	builder.WriteString("Announcement(")
 	builder.WriteString(fmt.Sprintf("id=%v, ", _m.ID))
 	builder.WriteString("title=")
 	builder.WriteString(_m.Title)
 	builder.WriteString(", ")
 	builder.WriteString("content=")
 	builder.WriteString(_m.Content)
 	builder.WriteString(", ")
 	builder.WriteString("status=")
 	builder.WriteString(_m.Status)
 	builder.WriteString(", ")
 	builder.WriteString("targeting=")
 	builder.WriteString(fmt.Sprintf("%v", _m.Targeting))
 	builder.WriteString(", ")
 	if v := _m.StartsAt; v != nil {
 		builder.WriteString("starts_at=")
 		builder.WriteString(v.Format(time.ANSIC))
 	}
 	builder.WriteString(", ")
 	if v := _m.EndsAt; v != nil {
 		builder.WriteString("ends_at=")
 		builder.WriteString(v.Format(time.ANSIC))
 	}
 	builder.WriteString(", ")
 	if v := _m.CreatedBy; v != nil {
 		builder.WriteString("created_by=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	if v := _m.UpdatedBy; v != nil {
 		builder.WriteString("updated_by=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	builder.WriteString("created_at=")
 	builder.WriteString(_m.CreatedAt.Format(time.ANSIC))
 	builder.WriteString(", ")
 	builder.WriteString("updated_at=")
 	builder.WriteString(_m.UpdatedAt.Format(time.ANSIC))
 	builder.WriteByte(')')
 	return builder.String()
 }
 // Announcements is a parsable slice of Announcement.
 type Announcements []*Announcement
--- a/backend/ent/announcement/announcement.go
+++ b/backend/ent/announcement/announcement.go
@@ -0,0 +1,164 @@
 // Code generated by ent, DO NOT EDIT.
 package announcement
 import (
 	"time"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 )
 const (
 	// Label holds the string label denoting the announcement type in the database.
 	Label = "announcement"
 	// FieldID holds the string denoting the id field in the database.
 	FieldID = "id"
 	// FieldTitle holds the string denoting the title field in the database.
 	FieldTitle = "title"
 	// FieldContent holds the string denoting the content field in the database.
 	FieldContent = "content"
 	// FieldStatus holds the string denoting the status field in the database.
 	FieldStatus = "status"
 	// FieldTargeting holds the string denoting the targeting field in the database.
 	FieldTargeting = "targeting"
 	// FieldStartsAt holds the string denoting the starts_at field in the database.
 	FieldStartsAt = "starts_at"
 	// FieldEndsAt holds the string denoting the ends_at field in the database.
 	FieldEndsAt = "ends_at"
 	// FieldCreatedBy holds the string denoting the created_by field in the database.
 	FieldCreatedBy = "created_by"
 	// FieldUpdatedBy holds the string denoting the updated_by field in the database.
 	FieldUpdatedBy = "updated_by"
 	// FieldCreatedAt holds the string denoting the created_at field in the database.
 	FieldCreatedAt = "created_at"
 	// FieldUpdatedAt holds the string denoting the updated_at field in the database.
 	FieldUpdatedAt = "updated_at"
 	// EdgeReads holds the string denoting the reads edge name in mutations.
 	EdgeReads = "reads"
 	// Table holds the table name of the announcement in the database.
 	Table = "announcements"
 	// ReadsTable is the table that holds the reads relation/edge.
 	ReadsTable = "announcement_reads"
 	// ReadsInverseTable is the table name for the AnnouncementRead entity.
 	// It exists in this package in order to avoid circular dependency with the "announcementread" package.
 	ReadsInverseTable = "announcement_reads"
 	// ReadsColumn is the table column denoting the reads relation/edge.
 	ReadsColumn = "announcement_id"
 )
 // Columns holds all SQL columns for announcement fields.
 var Columns = []string{
 	FieldID,
 	FieldTitle,
 	FieldContent,
 	FieldStatus,
 	FieldTargeting,
 	FieldStartsAt,
 	FieldEndsAt,
 	FieldCreatedBy,
 	FieldUpdatedBy,
 	FieldCreatedAt,
 	FieldUpdatedAt,
 }
 // ValidColumn reports if the column name is valid (part of the table columns).
 func ValidColumn(column string) bool {
 	for i := range Columns {
 		if column == Columns[i] {
 			return true
 		}
 	}
 	return false
 }
 var (
 	// TitleValidator is a validator for the "title" field. It is called by the builders before save.
 	TitleValidator func(string) error
 	// ContentValidator is a validator for the "content" field. It is called by the builders before save.
 	ContentValidator func(string) error
 	// DefaultStatus holds the default value on creation for the "status" field.
 	DefaultStatus string
 	// StatusValidator is a validator for the "status" field. It is called by the builders before save.
 	StatusValidator func(string) error
 	// DefaultCreatedAt holds the default value on creation for the "created_at" field.
 	DefaultCreatedAt func() time.Time
 	// DefaultUpdatedAt holds the default value on creation for the "updated_at" field.
 	DefaultUpdatedAt func() time.Time
 	// UpdateDefaultUpdatedAt holds the default value on update for the "updated_at" field.
 	UpdateDefaultUpdatedAt func() time.Time
 )
 // OrderOption defines the ordering options for the Announcement queries.
 type OrderOption func(*sql.Selector)
 // ByID orders the results by the id field.
 func ByID(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldID, opts...).ToFunc()
 }
 // ByTitle orders the results by the title field.
 func ByTitle(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldTitle, opts...).ToFunc()
 }
 // ByContent orders the results by the content field.
 func ByContent(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldContent, opts...).ToFunc()
 }
 // ByStatus orders the results by the status field.
 func ByStatus(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldStatus, opts...).ToFunc()
 }
 // ByStartsAt orders the results by the starts_at field.
 func ByStartsAt(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldStartsAt, opts...).ToFunc()
 }
 // ByEndsAt orders the results by the ends_at field.
 func ByEndsAt(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldEndsAt, opts...).ToFunc()
 }
 // ByCreatedBy orders the results by the created_by field.
 func ByCreatedBy(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldCreatedBy, opts...).ToFunc()
 }
 // ByUpdatedBy orders the results by the updated_by field.
 func ByUpdatedBy(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldUpdatedBy, opts...).ToFunc()
 }
 // ByCreatedAt orders the results by the created_at field.
 func ByCreatedAt(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldCreatedAt, opts...).ToFunc()
 }
 // ByUpdatedAt orders the results by the updated_at field.
 func ByUpdatedAt(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldUpdatedAt, opts...).ToFunc()
 }
 // ByReadsCount orders the results by reads count.
 func ByReadsCount(opts ...sql.OrderTermOption) OrderOption {
 	return func(s *sql.Selector) {
 		sqlgraph.OrderByNeighborsCount(s, newReadsStep(), opts...)
 	}
 }
 // ByReads orders the results by reads terms.
 func ByReads(term sql.OrderTerm, terms ...sql.OrderTerm) OrderOption {
 	return func(s *sql.Selector) {
 		sqlgraph.OrderByNeighborTerms(s, newReadsStep(), append([]sql.OrderTerm{term}, terms...)...)
 	}
 }
 func newReadsStep() *sqlgraph.Step {
 	return sqlgraph.NewStep(
 		sqlgraph.From(Table, FieldID),
 		sqlgraph.To(ReadsInverseTable, FieldID),
 		sqlgraph.Edge(sqlgraph.O2M, false, ReadsTable, ReadsColumn),
 	)
 }
--- a/backend/ent/announcement/where.go
+++ b/backend/ent/announcement/where.go
@@ -0,0 +1,624 @@
 // Code generated by ent, DO NOT EDIT.
 package announcement
 import (
 	"time"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 )
 // ID filters vertices based on their ID field.
 func ID(id int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldID, id))
 }
 // IDEQ applies the EQ predicate on the ID field.
 func IDEQ(id int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldID, id))
 }
 // IDNEQ applies the NEQ predicate on the ID field.
 func IDNEQ(id int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNEQ(FieldID, id))
 }
 // IDIn applies the In predicate on the ID field.
 func IDIn(ids ...int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldIn(FieldID, ids...))
 }
 // IDNotIn applies the NotIn predicate on the ID field.
 func IDNotIn(ids ...int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNotIn(FieldID, ids...))
 }
 // IDGT applies the GT predicate on the ID field.
 func IDGT(id int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGT(FieldID, id))
 }
 // IDGTE applies the GTE predicate on the ID field.
 func IDGTE(id int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGTE(FieldID, id))
 }
 // IDLT applies the LT predicate on the ID field.
 func IDLT(id int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLT(FieldID, id))
 }
 // IDLTE applies the LTE predicate on the ID field.
 func IDLTE(id int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLTE(FieldID, id))
 }
 // Title applies equality check predicate on the "title" field. It's identical to TitleEQ.
 func Title(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldTitle, v))
 }
 // Content applies equality check predicate on the "content" field. It's identical to ContentEQ.
 func Content(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldContent, v))
 }
 // Status applies equality check predicate on the "status" field. It's identical to StatusEQ.
 func Status(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldStatus, v))
 }
 // StartsAt applies equality check predicate on the "starts_at" field. It's identical to StartsAtEQ.
 func StartsAt(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldStartsAt, v))
 }
 // EndsAt applies equality check predicate on the "ends_at" field. It's identical to EndsAtEQ.
 func EndsAt(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldEndsAt, v))
 }
 // CreatedBy applies equality check predicate on the "created_by" field. It's identical to CreatedByEQ.
 func CreatedBy(v int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldCreatedBy, v))
 }
 // UpdatedBy applies equality check predicate on the "updated_by" field. It's identical to UpdatedByEQ.
 func UpdatedBy(v int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldUpdatedBy, v))
 }
 // CreatedAt applies equality check predicate on the "created_at" field. It's identical to CreatedAtEQ.
 func CreatedAt(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldCreatedAt, v))
 }
 // UpdatedAt applies equality check predicate on the "updated_at" field. It's identical to UpdatedAtEQ.
 func UpdatedAt(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldUpdatedAt, v))
 }
 // TitleEQ applies the EQ predicate on the "title" field.
 func TitleEQ(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldTitle, v))
 }
 // TitleNEQ applies the NEQ predicate on the "title" field.
 func TitleNEQ(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNEQ(FieldTitle, v))
 }
 // TitleIn applies the In predicate on the "title" field.
 func TitleIn(vs ...string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldIn(FieldTitle, vs...))
 }
 // TitleNotIn applies the NotIn predicate on the "title" field.
 func TitleNotIn(vs ...string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNotIn(FieldTitle, vs...))
 }
 // TitleGT applies the GT predicate on the "title" field.
 func TitleGT(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGT(FieldTitle, v))
 }
 // TitleGTE applies the GTE predicate on the "title" field.
 func TitleGTE(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGTE(FieldTitle, v))
 }
 // TitleLT applies the LT predicate on the "title" field.
 func TitleLT(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLT(FieldTitle, v))
 }
 // TitleLTE applies the LTE predicate on the "title" field.
 func TitleLTE(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLTE(FieldTitle, v))
 }
 // TitleContains applies the Contains predicate on the "title" field.
 func TitleContains(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldContains(FieldTitle, v))
 }
 // TitleHasPrefix applies the HasPrefix predicate on the "title" field.
 func TitleHasPrefix(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldHasPrefix(FieldTitle, v))
 }
 // TitleHasSuffix applies the HasSuffix predicate on the "title" field.
 func TitleHasSuffix(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldHasSuffix(FieldTitle, v))
 }
 // TitleEqualFold applies the EqualFold predicate on the "title" field.
 func TitleEqualFold(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEqualFold(FieldTitle, v))
 }
 // TitleContainsFold applies the ContainsFold predicate on the "title" field.
 func TitleContainsFold(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldContainsFold(FieldTitle, v))
 }
 // ContentEQ applies the EQ predicate on the "content" field.
 func ContentEQ(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldContent, v))
 }
 // ContentNEQ applies the NEQ predicate on the "content" field.
 func ContentNEQ(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNEQ(FieldContent, v))
 }
 // ContentIn applies the In predicate on the "content" field.
 func ContentIn(vs ...string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldIn(FieldContent, vs...))
 }
 // ContentNotIn applies the NotIn predicate on the "content" field.
 func ContentNotIn(vs ...string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNotIn(FieldContent, vs...))
 }
 // ContentGT applies the GT predicate on the "content" field.
 func ContentGT(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGT(FieldContent, v))
 }
 // ContentGTE applies the GTE predicate on the "content" field.
 func ContentGTE(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGTE(FieldContent, v))
 }
 // ContentLT applies the LT predicate on the "content" field.
 func ContentLT(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLT(FieldContent, v))
 }
 // ContentLTE applies the LTE predicate on the "content" field.
 func ContentLTE(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLTE(FieldContent, v))
 }
 // ContentContains applies the Contains predicate on the "content" field.
 func ContentContains(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldContains(FieldContent, v))
 }
 // ContentHasPrefix applies the HasPrefix predicate on the "content" field.
 func ContentHasPrefix(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldHasPrefix(FieldContent, v))
 }
 // ContentHasSuffix applies the HasSuffix predicate on the "content" field.
 func ContentHasSuffix(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldHasSuffix(FieldContent, v))
 }
 // ContentEqualFold applies the EqualFold predicate on the "content" field.
 func ContentEqualFold(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEqualFold(FieldContent, v))
 }
 // ContentContainsFold applies the ContainsFold predicate on the "content" field.
 func ContentContainsFold(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldContainsFold(FieldContent, v))
 }
 // StatusEQ applies the EQ predicate on the "status" field.
 func StatusEQ(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldStatus, v))
 }
 // StatusNEQ applies the NEQ predicate on the "status" field.
 func StatusNEQ(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNEQ(FieldStatus, v))
 }
 // StatusIn applies the In predicate on the "status" field.
 func StatusIn(vs ...string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldIn(FieldStatus, vs...))
 }
 // StatusNotIn applies the NotIn predicate on the "status" field.
 func StatusNotIn(vs ...string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNotIn(FieldStatus, vs...))
 }
 // StatusGT applies the GT predicate on the "status" field.
 func StatusGT(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGT(FieldStatus, v))
 }
 // StatusGTE applies the GTE predicate on the "status" field.
 func StatusGTE(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGTE(FieldStatus, v))
 }
 // StatusLT applies the LT predicate on the "status" field.
 func StatusLT(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLT(FieldStatus, v))
 }
 // StatusLTE applies the LTE predicate on the "status" field.
 func StatusLTE(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLTE(FieldStatus, v))
 }
 // StatusContains applies the Contains predicate on the "status" field.
 func StatusContains(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldContains(FieldStatus, v))
 }
 // StatusHasPrefix applies the HasPrefix predicate on the "status" field.
 func StatusHasPrefix(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldHasPrefix(FieldStatus, v))
 }
 // StatusHasSuffix applies the HasSuffix predicate on the "status" field.
 func StatusHasSuffix(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldHasSuffix(FieldStatus, v))
 }
 // StatusEqualFold applies the EqualFold predicate on the "status" field.
 func StatusEqualFold(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEqualFold(FieldStatus, v))
 }
 // StatusContainsFold applies the ContainsFold predicate on the "status" field.
 func StatusContainsFold(v string) predicate.Announcement {
 	return predicate.Announcement(sql.FieldContainsFold(FieldStatus, v))
 }
 // TargetingIsNil applies the IsNil predicate on the "targeting" field.
 func TargetingIsNil() predicate.Announcement {
 	return predicate.Announcement(sql.FieldIsNull(FieldTargeting))
 }
 // TargetingNotNil applies the NotNil predicate on the "targeting" field.
 func TargetingNotNil() predicate.Announcement {
 	return predicate.Announcement(sql.FieldNotNull(FieldTargeting))
 }
 // StartsAtEQ applies the EQ predicate on the "starts_at" field.
 func StartsAtEQ(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldStartsAt, v))
 }
 // StartsAtNEQ applies the NEQ predicate on the "starts_at" field.
 func StartsAtNEQ(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNEQ(FieldStartsAt, v))
 }
 // StartsAtIn applies the In predicate on the "starts_at" field.
 func StartsAtIn(vs ...time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldIn(FieldStartsAt, vs...))
 }
 // StartsAtNotIn applies the NotIn predicate on the "starts_at" field.
 func StartsAtNotIn(vs ...time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNotIn(FieldStartsAt, vs...))
 }
 // StartsAtGT applies the GT predicate on the "starts_at" field.
 func StartsAtGT(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGT(FieldStartsAt, v))
 }
 // StartsAtGTE applies the GTE predicate on the "starts_at" field.
 func StartsAtGTE(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGTE(FieldStartsAt, v))
 }
 // StartsAtLT applies the LT predicate on the "starts_at" field.
 func StartsAtLT(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLT(FieldStartsAt, v))
 }
 // StartsAtLTE applies the LTE predicate on the "starts_at" field.
 func StartsAtLTE(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLTE(FieldStartsAt, v))
 }
 // StartsAtIsNil applies the IsNil predicate on the "starts_at" field.
 func StartsAtIsNil() predicate.Announcement {
 	return predicate.Announcement(sql.FieldIsNull(FieldStartsAt))
 }
 // StartsAtNotNil applies the NotNil predicate on the "starts_at" field.
 func StartsAtNotNil() predicate.Announcement {
 	return predicate.Announcement(sql.FieldNotNull(FieldStartsAt))
 }
 // EndsAtEQ applies the EQ predicate on the "ends_at" field.
 func EndsAtEQ(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldEndsAt, v))
 }
 // EndsAtNEQ applies the NEQ predicate on the "ends_at" field.
 func EndsAtNEQ(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNEQ(FieldEndsAt, v))
 }
 // EndsAtIn applies the In predicate on the "ends_at" field.
 func EndsAtIn(vs ...time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldIn(FieldEndsAt, vs...))
 }
 // EndsAtNotIn applies the NotIn predicate on the "ends_at" field.
 func EndsAtNotIn(vs ...time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNotIn(FieldEndsAt, vs...))
 }
 // EndsAtGT applies the GT predicate on the "ends_at" field.
 func EndsAtGT(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGT(FieldEndsAt, v))
 }
 // EndsAtGTE applies the GTE predicate on the "ends_at" field.
 func EndsAtGTE(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGTE(FieldEndsAt, v))
 }
 // EndsAtLT applies the LT predicate on the "ends_at" field.
 func EndsAtLT(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLT(FieldEndsAt, v))
 }
 // EndsAtLTE applies the LTE predicate on the "ends_at" field.
 func EndsAtLTE(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLTE(FieldEndsAt, v))
 }
 // EndsAtIsNil applies the IsNil predicate on the "ends_at" field.
 func EndsAtIsNil() predicate.Announcement {
 	return predicate.Announcement(sql.FieldIsNull(FieldEndsAt))
 }
 // EndsAtNotNil applies the NotNil predicate on the "ends_at" field.
 func EndsAtNotNil() predicate.Announcement {
 	return predicate.Announcement(sql.FieldNotNull(FieldEndsAt))
 }
 // CreatedByEQ applies the EQ predicate on the "created_by" field.
 func CreatedByEQ(v int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldCreatedBy, v))
 }
 // CreatedByNEQ applies the NEQ predicate on the "created_by" field.
 func CreatedByNEQ(v int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNEQ(FieldCreatedBy, v))
 }
 // CreatedByIn applies the In predicate on the "created_by" field.
 func CreatedByIn(vs ...int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldIn(FieldCreatedBy, vs...))
 }
 // CreatedByNotIn applies the NotIn predicate on the "created_by" field.
 func CreatedByNotIn(vs ...int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNotIn(FieldCreatedBy, vs...))
 }
 // CreatedByGT applies the GT predicate on the "created_by" field.
 func CreatedByGT(v int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGT(FieldCreatedBy, v))
 }
 // CreatedByGTE applies the GTE predicate on the "created_by" field.
 func CreatedByGTE(v int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGTE(FieldCreatedBy, v))
 }
 // CreatedByLT applies the LT predicate on the "created_by" field.
 func CreatedByLT(v int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLT(FieldCreatedBy, v))
 }
 // CreatedByLTE applies the LTE predicate on the "created_by" field.
 func CreatedByLTE(v int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLTE(FieldCreatedBy, v))
 }
 // CreatedByIsNil applies the IsNil predicate on the "created_by" field.
 func CreatedByIsNil() predicate.Announcement {
 	return predicate.Announcement(sql.FieldIsNull(FieldCreatedBy))
 }
 // CreatedByNotNil applies the NotNil predicate on the "created_by" field.
 func CreatedByNotNil() predicate.Announcement {
 	return predicate.Announcement(sql.FieldNotNull(FieldCreatedBy))
 }
 // UpdatedByEQ applies the EQ predicate on the "updated_by" field.
 func UpdatedByEQ(v int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldUpdatedBy, v))
 }
 // UpdatedByNEQ applies the NEQ predicate on the "updated_by" field.
 func UpdatedByNEQ(v int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNEQ(FieldUpdatedBy, v))
 }
 // UpdatedByIn applies the In predicate on the "updated_by" field.
 func UpdatedByIn(vs ...int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldIn(FieldUpdatedBy, vs...))
 }
 // UpdatedByNotIn applies the NotIn predicate on the "updated_by" field.
 func UpdatedByNotIn(vs ...int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNotIn(FieldUpdatedBy, vs...))
 }
 // UpdatedByGT applies the GT predicate on the "updated_by" field.
 func UpdatedByGT(v int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGT(FieldUpdatedBy, v))
 }
 // UpdatedByGTE applies the GTE predicate on the "updated_by" field.
 func UpdatedByGTE(v int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGTE(FieldUpdatedBy, v))
 }
 // UpdatedByLT applies the LT predicate on the "updated_by" field.
 func UpdatedByLT(v int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLT(FieldUpdatedBy, v))
 }
 // UpdatedByLTE applies the LTE predicate on the "updated_by" field.
 func UpdatedByLTE(v int64) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLTE(FieldUpdatedBy, v))
 }
 // UpdatedByIsNil applies the IsNil predicate on the "updated_by" field.
 func UpdatedByIsNil() predicate.Announcement {
 	return predicate.Announcement(sql.FieldIsNull(FieldUpdatedBy))
 }
 // UpdatedByNotNil applies the NotNil predicate on the "updated_by" field.
 func UpdatedByNotNil() predicate.Announcement {
 	return predicate.Announcement(sql.FieldNotNull(FieldUpdatedBy))
 }
 // CreatedAtEQ applies the EQ predicate on the "created_at" field.
 func CreatedAtEQ(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldCreatedAt, v))
 }
 // CreatedAtNEQ applies the NEQ predicate on the "created_at" field.
 func CreatedAtNEQ(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNEQ(FieldCreatedAt, v))
 }
 // CreatedAtIn applies the In predicate on the "created_at" field.
 func CreatedAtIn(vs ...time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldIn(FieldCreatedAt, vs...))
 }
 // CreatedAtNotIn applies the NotIn predicate on the "created_at" field.
 func CreatedAtNotIn(vs ...time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNotIn(FieldCreatedAt, vs...))
 }
 // CreatedAtGT applies the GT predicate on the "created_at" field.
 func CreatedAtGT(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGT(FieldCreatedAt, v))
 }
 // CreatedAtGTE applies the GTE predicate on the "created_at" field.
 func CreatedAtGTE(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGTE(FieldCreatedAt, v))
 }
 // CreatedAtLT applies the LT predicate on the "created_at" field.
 func CreatedAtLT(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLT(FieldCreatedAt, v))
 }
 // CreatedAtLTE applies the LTE predicate on the "created_at" field.
 func CreatedAtLTE(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLTE(FieldCreatedAt, v))
 }
 // UpdatedAtEQ applies the EQ predicate on the "updated_at" field.
 func UpdatedAtEQ(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldEQ(FieldUpdatedAt, v))
 }
 // UpdatedAtNEQ applies the NEQ predicate on the "updated_at" field.
 func UpdatedAtNEQ(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNEQ(FieldUpdatedAt, v))
 }
 // UpdatedAtIn applies the In predicate on the "updated_at" field.
 func UpdatedAtIn(vs ...time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldIn(FieldUpdatedAt, vs...))
 }
 // UpdatedAtNotIn applies the NotIn predicate on the "updated_at" field.
 func UpdatedAtNotIn(vs ...time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldNotIn(FieldUpdatedAt, vs...))
 }
 // UpdatedAtGT applies the GT predicate on the "updated_at" field.
 func UpdatedAtGT(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGT(FieldUpdatedAt, v))
 }
 // UpdatedAtGTE applies the GTE predicate on the "updated_at" field.
 func UpdatedAtGTE(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldGTE(FieldUpdatedAt, v))
 }
 // UpdatedAtLT applies the LT predicate on the "updated_at" field.
 func UpdatedAtLT(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLT(FieldUpdatedAt, v))
 }
 // UpdatedAtLTE applies the LTE predicate on the "updated_at" field.
 func UpdatedAtLTE(v time.Time) predicate.Announcement {
 	return predicate.Announcement(sql.FieldLTE(FieldUpdatedAt, v))
 }
 // HasReads applies the HasEdge predicate on the "reads" edge.
 func HasReads() predicate.Announcement {
 	return predicate.Announcement(func(s *sql.Selector) {
 		step := sqlgraph.NewStep(
 			sqlgraph.From(Table, FieldID),
 			sqlgraph.Edge(sqlgraph.O2M, false, ReadsTable, ReadsColumn),
 		)
 		sqlgraph.HasNeighbors(s, step)
 	})
 }
 // HasReadsWith applies the HasEdge predicate on the "reads" edge with a given conditions (other predicates).
 func HasReadsWith(preds ...predicate.AnnouncementRead) predicate.Announcement {
 	return predicate.Announcement(func(s *sql.Selector) {
 		step := newReadsStep()
 		sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) {
 			for _, p := range preds {
 				p(s)
 			}
 		})
 	})
 }
 // And groups predicates with the AND operator between them.
 func And(predicates ...predicate.Announcement) predicate.Announcement {
 	return predicate.Announcement(sql.AndPredicates(predicates...))
 }
 // Or groups predicates with the OR operator between them.
 func Or(predicates ...predicate.Announcement) predicate.Announcement {
 	return predicate.Announcement(sql.OrPredicates(predicates...))
 }
 // Not applies the not operator on the given predicate.
 func Not(p predicate.Announcement) predicate.Announcement {
 	return predicate.Announcement(sql.NotPredicates(p))
 }
--- a/backend/ent/announcement_create.go
+++ b/backend/ent/announcement_create.go
--- a/backend/ent/announcement_delete.go
+++ b/backend/ent/announcement_delete.go
@@ -0,0 +1,88 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"context"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/announcement"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 )
 // AnnouncementDelete is the builder for deleting a Announcement entity.
 type AnnouncementDelete struct {
 	config
 	hooks    []Hook
 	mutation *AnnouncementMutation
 }
 // Where appends a list predicates to the AnnouncementDelete builder.
 func (_d *AnnouncementDelete) Where(ps ...predicate.Announcement) *AnnouncementDelete {
 	_d.mutation.Where(ps...)
 	return _d
 }
 // Exec executes the deletion query and returns how many vertices were deleted.
 func (_d *AnnouncementDelete) Exec(ctx context.Context) (int, error) {
 	return withHooks(ctx, _d.sqlExec, _d.mutation, _d.hooks)
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_d *AnnouncementDelete) ExecX(ctx context.Context) int {
 	n, err := _d.Exec(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return n
 }
 func (_d *AnnouncementDelete) sqlExec(ctx context.Context) (int, error) {
 	_spec := sqlgraph.NewDeleteSpec(announcement.Table, sqlgraph.NewFieldSpec(announcement.FieldID, field.TypeInt64))
 	if ps := _d.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	affected, err := sqlgraph.DeleteNodes(ctx, _d.driver, _spec)
 	if err != nil && sqlgraph.IsConstraintError(err) {
 		err = &ConstraintError{msg: err.Error(), wrap: err}
 	}
 	_d.mutation.done = true
 	return affected, err
 }
 // AnnouncementDeleteOne is the builder for deleting a single Announcement entity.
 type AnnouncementDeleteOne struct {
 	_d *AnnouncementDelete
 }
 // Where appends a list predicates to the AnnouncementDelete builder.
 func (_d *AnnouncementDeleteOne) Where(ps ...predicate.Announcement) *AnnouncementDeleteOne {
 	_d._d.mutation.Where(ps...)
 	return _d
 }
 // Exec executes the deletion query.
 func (_d *AnnouncementDeleteOne) Exec(ctx context.Context) error {
 	n, err := _d._d.Exec(ctx)
 	switch {
 	case err != nil:
 		return err
 	case n == 0:
 		return &NotFoundError{announcement.Label}
 	default:
 		return nil
 	}
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_d *AnnouncementDeleteOne) ExecX(ctx context.Context) {
 	if err := _d.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
--- a/backend/ent/announcement_query.go
+++ b/backend/ent/announcement_query.go
@@ -0,0 +1,643 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"context"
 	"database/sql/driver"
 	"fmt"
 	"math"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/announcement"
 	"github.com/Wei-Shaw/sub2api/ent/announcementread"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 )
 // AnnouncementQuery is the builder for querying Announcement entities.
 type AnnouncementQuery struct {
 	config
 	ctx        *QueryContext
 	order      []announcement.OrderOption
 	inters     []Interceptor
 	predicates []predicate.Announcement
 	withReads  *AnnouncementReadQuery
 	modifiers  []func(*sql.Selector)
 	// intermediate query (i.e. traversal path).
 	sql  *sql.Selector
 	path func(context.Context) (*sql.Selector, error)
 }
 // Where adds a new predicate for the AnnouncementQuery builder.
 func (_q *AnnouncementQuery) Where(ps ...predicate.Announcement) *AnnouncementQuery {
 	_q.predicates = append(_q.predicates, ps...)
 	return _q
 }
 // Limit the number of records to be returned by this query.
 func (_q *AnnouncementQuery) Limit(limit int) *AnnouncementQuery {
 	_q.ctx.Limit = &limit
 	return _q
 }
 // Offset to start from.
 func (_q *AnnouncementQuery) Offset(offset int) *AnnouncementQuery {
 	_q.ctx.Offset = &offset
 	return _q
 }
 // Unique configures the query builder to filter duplicate records on query.
 // By default, unique is set to true, and can be disabled using this method.
 func (_q *AnnouncementQuery) Unique(unique bool) *AnnouncementQuery {
 	_q.ctx.Unique = &unique
 	return _q
 }
 // Order specifies how the records should be ordered.
 func (_q *AnnouncementQuery) Order(o ...announcement.OrderOption) *AnnouncementQuery {
 	_q.order = append(_q.order, o...)
 	return _q
 }
 // QueryReads chains the current query on the "reads" edge.
 func (_q *AnnouncementQuery) QueryReads() *AnnouncementReadQuery {
 	query := (&AnnouncementReadClient{config: _q.config}).Query()
 	query.path = func(ctx context.Context) (fromU *sql.Selector, err error) {
 		if err := _q.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
 		selector := _q.sqlQuery(ctx)
 		if err := selector.Err(); err != nil {
 			return nil, err
 		}
 		step := sqlgraph.NewStep(
 			sqlgraph.From(announcement.Table, announcement.FieldID, selector),
 			sqlgraph.To(announcementread.Table, announcementread.FieldID),
 			sqlgraph.Edge(sqlgraph.O2M, false, announcement.ReadsTable, announcement.ReadsColumn),
 		)
 		fromU = sqlgraph.SetNeighbors(_q.driver.Dialect(), step)
 		return fromU, nil
 	}
 	return query
 }
 // First returns the first Announcement entity from the query.
 // Returns a *NotFoundError when no Announcement was found.
 func (_q *AnnouncementQuery) First(ctx context.Context) (*Announcement, error) {
 	nodes, err := _q.Limit(1).All(setContextOp(ctx, _q.ctx, ent.OpQueryFirst))
 	if err != nil {
 		return nil, err
 	}
 	if len(nodes) == 0 {
 		return nil, &NotFoundError{announcement.Label}
 	}
 	return nodes[0], nil
 }
 // FirstX is like First, but panics if an error occurs.
 func (_q *AnnouncementQuery) FirstX(ctx context.Context) *Announcement {
 	node, err := _q.First(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
 	return node
 }
 // FirstID returns the first Announcement ID from the query.
 // Returns a *NotFoundError when no Announcement ID was found.
 func (_q *AnnouncementQuery) FirstID(ctx context.Context) (id int64, err error) {
 	var ids []int64
 	if ids, err = _q.Limit(1).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryFirstID)); err != nil {
 		return
 	}
 	if len(ids) == 0 {
 		err = &NotFoundError{announcement.Label}
 		return
 	}
 	return ids[0], nil
 }
 // FirstIDX is like FirstID, but panics if an error occurs.
 func (_q *AnnouncementQuery) FirstIDX(ctx context.Context) int64 {
 	id, err := _q.FirstID(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
 	return id
 }
 // Only returns a single Announcement entity found by the query, ensuring it only returns one.
 // Returns a *NotSingularError when more than one Announcement entity is found.
 // Returns a *NotFoundError when no Announcement entities are found.
 func (_q *AnnouncementQuery) Only(ctx context.Context) (*Announcement, error) {
 	nodes, err := _q.Limit(2).All(setContextOp(ctx, _q.ctx, ent.OpQueryOnly))
 	if err != nil {
 		return nil, err
 	}
 	switch len(nodes) {
 	case 1:
 		return nodes[0], nil
 	case 0:
 		return nil, &NotFoundError{announcement.Label}
 	default:
 		return nil, &NotSingularError{announcement.Label}
 	}
 }
 // OnlyX is like Only, but panics if an error occurs.
 func (_q *AnnouncementQuery) OnlyX(ctx context.Context) *Announcement {
 	node, err := _q.Only(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return node
 }
 // OnlyID is like Only, but returns the only Announcement ID in the query.
 // Returns a *NotSingularError when more than one Announcement ID is found.
 // Returns a *NotFoundError when no entities are found.
 func (_q *AnnouncementQuery) OnlyID(ctx context.Context) (id int64, err error) {
 	var ids []int64
 	if ids, err = _q.Limit(2).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryOnlyID)); err != nil {
 		return
 	}
 	switch len(ids) {
 	case 1:
 		id = ids[0]
 	case 0:
 		err = &NotFoundError{announcement.Label}
 	default:
 		err = &NotSingularError{announcement.Label}
 	}
 	return
 }
 // OnlyIDX is like OnlyID, but panics if an error occurs.
 func (_q *AnnouncementQuery) OnlyIDX(ctx context.Context) int64 {
 	id, err := _q.OnlyID(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return id
 }
 // All executes the query and returns a list of Announcements.
 func (_q *AnnouncementQuery) All(ctx context.Context) ([]*Announcement, error) {
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryAll)
 	if err := _q.prepareQuery(ctx); err != nil {
 		return nil, err
 	}
 	qr := querierAll[[]*Announcement, *AnnouncementQuery]()
 	return withInterceptors[[]*Announcement](ctx, _q, qr, _q.inters)
 }
 // AllX is like All, but panics if an error occurs.
 func (_q *AnnouncementQuery) AllX(ctx context.Context) []*Announcement {
 	nodes, err := _q.All(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return nodes
 }
 // IDs executes the query and returns a list of Announcement IDs.
 func (_q *AnnouncementQuery) IDs(ctx context.Context) (ids []int64, err error) {
 	if _q.ctx.Unique == nil && _q.path != nil {
 		_q.Unique(true)
 	}
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryIDs)
 	if err = _q.Select(announcement.FieldID).Scan(ctx, &ids); err != nil {
 		return nil, err
 	}
 	return ids, nil
 }
 // IDsX is like IDs, but panics if an error occurs.
 func (_q *AnnouncementQuery) IDsX(ctx context.Context) []int64 {
 	ids, err := _q.IDs(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return ids
 }
 // Count returns the count of the given query.
 func (_q *AnnouncementQuery) Count(ctx context.Context) (int, error) {
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryCount)
 	if err := _q.prepareQuery(ctx); err != nil {
 		return 0, err
 	}
 	return withInterceptors[int](ctx, _q, querierCount[*AnnouncementQuery](), _q.inters)
 }
 // CountX is like Count, but panics if an error occurs.
 func (_q *AnnouncementQuery) CountX(ctx context.Context) int {
 	count, err := _q.Count(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return count
 }
 // Exist returns true if the query has elements in the graph.
 func (_q *AnnouncementQuery) Exist(ctx context.Context) (bool, error) {
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryExist)
 	switch _, err := _q.FirstID(ctx); {
 	case IsNotFound(err):
 		return false, nil
 	case err != nil:
 		return false, fmt.Errorf("ent: check existence: %w", err)
 	default:
 		return true, nil
 	}
 }
 // ExistX is like Exist, but panics if an error occurs.
 func (_q *AnnouncementQuery) ExistX(ctx context.Context) bool {
 	exist, err := _q.Exist(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return exist
 }
 // Clone returns a duplicate of the AnnouncementQuery builder, including all associated steps. It can be
 // used to prepare common query builders and use them differently after the clone is made.
 func (_q *AnnouncementQuery) Clone() *AnnouncementQuery {
 	if _q == nil {
 		return nil
 	}
 	return &AnnouncementQuery{
 		config:     _q.config,
 		ctx:        _q.ctx.Clone(),
 		order:      append([]announcement.OrderOption{}, _q.order...),
 		inters:     append([]Interceptor{}, _q.inters...),
 		predicates: append([]predicate.Announcement{}, _q.predicates...),
 		withReads:  _q.withReads.Clone(),
 		// clone intermediate query.
 		sql:  _q.sql.Clone(),
 		path: _q.path,
 	}
 }
 // WithReads tells the query-builder to eager-load the nodes that are connected to
 // the "reads" edge. The optional arguments are used to configure the query builder of the edge.
 func (_q *AnnouncementQuery) WithReads(opts ...func(*AnnouncementReadQuery)) *AnnouncementQuery {
 	query := (&AnnouncementReadClient{config: _q.config}).Query()
 	for _, opt := range opts {
 		opt(query)
 	}
 	_q.withReads = query
 	return _q
 }
 // GroupBy is used to group vertices by one or more fields/columns.
 // It is often used with aggregate functions, like: count, max, mean, min, sum.
 //
 // Example:
 //
 //	var v []struct {
 //		Title string `json:"title,omitempty"`
 //		Count int `json:"count,omitempty"`
 //	}
 //
 //	client.Announcement.Query().
 //		GroupBy(announcement.FieldTitle).
 //		Aggregate(ent.Count()).
 //		Scan(ctx, &v)
 func (_q *AnnouncementQuery) GroupBy(field string, fields ...string) *AnnouncementGroupBy {
 	_q.ctx.Fields = append([]string{field}, fields...)
 	grbuild := &AnnouncementGroupBy{build: _q}
 	grbuild.flds = &_q.ctx.Fields
 	grbuild.label = announcement.Label
 	grbuild.scan = grbuild.Scan
 	return grbuild
 }
 // Select allows the selection one or more fields/columns for the given query,
 // instead of selecting all fields in the entity.
 //
 // Example:
 //
 //	var v []struct {
 //		Title string `json:"title,omitempty"`
 //	}
 //
 //	client.Announcement.Query().
 //		Select(announcement.FieldTitle).
 //		Scan(ctx, &v)
 func (_q *AnnouncementQuery) Select(fields ...string) *AnnouncementSelect {
 	_q.ctx.Fields = append(_q.ctx.Fields, fields...)
 	sbuild := &AnnouncementSelect{AnnouncementQuery: _q}
 	sbuild.label = announcement.Label
 	sbuild.flds, sbuild.scan = &_q.ctx.Fields, sbuild.Scan
 	return sbuild
 }
 // Aggregate returns a AnnouncementSelect configured with the given aggregations.
 func (_q *AnnouncementQuery) Aggregate(fns ...AggregateFunc) *AnnouncementSelect {
 	return _q.Select().Aggregate(fns...)
 }
 func (_q *AnnouncementQuery) prepareQuery(ctx context.Context) error {
 	for _, inter := range _q.inters {
 		if inter == nil {
 			return fmt.Errorf("ent: uninitialized interceptor (forgotten import ent/runtime?)")
 		}
 		if trv, ok := inter.(Traverser); ok {
 			if err := trv.Traverse(ctx, _q); err != nil {
 				return err
 			}
 		}
 	}
 	for _, f := range _q.ctx.Fields {
 		if !announcement.ValidColumn(f) {
 			return &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
 		}
 	}
 	if _q.path != nil {
 		prev, err := _q.path(ctx)
 		if err != nil {
 			return err
 		}
 		_q.sql = prev
 	}
 	return nil
 }
 func (_q *AnnouncementQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*Announcement, error) {
 	var (
 		nodes       = []*Announcement{}
 		_spec       = _q.querySpec()
 		loadedTypes = [1]bool{
 			_q.withReads != nil,
 		}
 	)
 	_spec.ScanValues = func(columns []string) ([]any, error) {
 		return (*Announcement).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []any) error {
 		node := &Announcement{config: _q.config}
 		nodes = append(nodes, node)
 		node.Edges.loadedTypes = loadedTypes
 		return node.assignValues(columns, values)
 	}
 	if len(_q.modifiers) > 0 {
 		_spec.Modifiers = _q.modifiers
 	}
 	for i := range hooks {
 		hooks[i](ctx, _spec)
 	}
 	if err := sqlgraph.QueryNodes(ctx, _q.driver, _spec); err != nil {
 		return nil, err
 	}
 	if len(nodes) == 0 {
 		return nodes, nil
 	}
 	if query := _q.withReads; query != nil {
 		if err := _q.loadReads(ctx, query, nodes,
 			func(n *Announcement) { n.Edges.Reads = []*AnnouncementRead{} },
 			func(n *Announcement, e *AnnouncementRead) { n.Edges.Reads = append(n.Edges.Reads, e) }); err != nil {
 			return nil, err
 		}
 	}
 	return nodes, nil
 }
 func (_q *AnnouncementQuery) loadReads(ctx context.Context, query *AnnouncementReadQuery, nodes []*Announcement, init func(*Announcement), assign func(*Announcement, *AnnouncementRead)) error {
 	fks := make([]driver.Value, 0, len(nodes))
 	nodeids := make(map[int64]*Announcement)
 	for i := range nodes {
 		fks = append(fks, nodes[i].ID)
 		nodeids[nodes[i].ID] = nodes[i]
 		if init != nil {
 			init(nodes[i])
 		}
 	}
 	if len(query.ctx.Fields) > 0 {
 		query.ctx.AppendFieldOnce(announcementread.FieldAnnouncementID)
 	}
 	query.Where(predicate.AnnouncementRead(func(s *sql.Selector) {
 		s.Where(sql.InValues(s.C(announcement.ReadsColumn), fks...))
 	}))
 	neighbors, err := query.All(ctx)
 	if err != nil {
 		return err
 	}
 	for _, n := range neighbors {
 		fk := n.AnnouncementID
 		node, ok := nodeids[fk]
 		if !ok {
 			return fmt.Errorf(`unexpected referenced foreign-key "announcement_id" returned %v for node %v`, fk, n.ID)
 		}
 		assign(node, n)
 	}
 	return nil
 }
 func (_q *AnnouncementQuery) sqlCount(ctx context.Context) (int, error) {
 	_spec := _q.querySpec()
 	if len(_q.modifiers) > 0 {
 		_spec.Modifiers = _q.modifiers
 	}
 	_spec.Node.Columns = _q.ctx.Fields
 	if len(_q.ctx.Fields) > 0 {
 		_spec.Unique = _q.ctx.Unique != nil && *_q.ctx.Unique
 	}
 	return sqlgraph.CountNodes(ctx, _q.driver, _spec)
 }
 func (_q *AnnouncementQuery) querySpec() *sqlgraph.QuerySpec {
 	_spec := sqlgraph.NewQuerySpec(announcement.Table, announcement.Columns, sqlgraph.NewFieldSpec(announcement.FieldID, field.TypeInt64))
 	_spec.From = _q.sql
 	if unique := _q.ctx.Unique; unique != nil {
 		_spec.Unique = *unique
 	} else if _q.path != nil {
 		_spec.Unique = true
 	}
 	if fields := _q.ctx.Fields; len(fields) > 0 {
 		_spec.Node.Columns = make([]string, 0, len(fields))
 		_spec.Node.Columns = append(_spec.Node.Columns, announcement.FieldID)
 		for i := range fields {
 			if fields[i] != announcement.FieldID {
 				_spec.Node.Columns = append(_spec.Node.Columns, fields[i])
 			}
 		}
 	}
 	if ps := _q.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	if limit := _q.ctx.Limit; limit != nil {
 		_spec.Limit = *limit
 	}
 	if offset := _q.ctx.Offset; offset != nil {
 		_spec.Offset = *offset
 	}
 	if ps := _q.order; len(ps) > 0 {
 		_spec.Order = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	return _spec
 }
 func (_q *AnnouncementQuery) sqlQuery(ctx context.Context) *sql.Selector {
 	builder := sql.Dialect(_q.driver.Dialect())
 	t1 := builder.Table(announcement.Table)
 	columns := _q.ctx.Fields
 	if len(columns) == 0 {
 		columns = announcement.Columns
 	}
 	selector := builder.Select(t1.Columns(columns...)...).From(t1)
 	if _q.sql != nil {
 		selector = _q.sql
 		selector.Select(selector.Columns(columns...)...)
 	}
 	if _q.ctx.Unique != nil && *_q.ctx.Unique {
 		selector.Distinct()
 	}
 	for _, m := range _q.modifiers {
 		m(selector)
 	}
 	for _, p := range _q.predicates {
 		p(selector)
 	}
 	for _, p := range _q.order {
 		p(selector)
 	}
 	if offset := _q.ctx.Offset; offset != nil {
 		// limit is mandatory for offset clause. We start
 		// with default value, and override it below if needed.
 		selector.Offset(*offset).Limit(math.MaxInt32)
 	}
 	if limit := _q.ctx.Limit; limit != nil {
 		selector.Limit(*limit)
 	}
 	return selector
 }
 // ForUpdate locks the selected rows against concurrent updates, and prevent them from being
 // updated, deleted or "selected ... for update" by other sessions, until the transaction is
 // either committed or rolled-back.
 func (_q *AnnouncementQuery) ForUpdate(opts ...sql.LockOption) *AnnouncementQuery {
 	if _q.driver.Dialect() == dialect.Postgres {
 		_q.Unique(false)
 	}
 	_q.modifiers = append(_q.modifiers, func(s *sql.Selector) {
 		s.ForUpdate(opts...)
 	})
 	return _q
 }
 // ForShare behaves similarly to ForUpdate, except that it acquires a shared mode lock
 // on any rows that are read. Other sessions can read the rows, but cannot modify them
 // until your transaction commits.
 func (_q *AnnouncementQuery) ForShare(opts ...sql.LockOption) *AnnouncementQuery {
 	if _q.driver.Dialect() == dialect.Postgres {
 		_q.Unique(false)
 	}
 	_q.modifiers = append(_q.modifiers, func(s *sql.Selector) {
 		s.ForShare(opts...)
 	})
 	return _q
 }
 // AnnouncementGroupBy is the group-by builder for Announcement entities.
 type AnnouncementGroupBy struct {
 	selector
 	build *AnnouncementQuery
 }
 // Aggregate adds the given aggregation functions to the group-by query.
 func (_g *AnnouncementGroupBy) Aggregate(fns ...AggregateFunc) *AnnouncementGroupBy {
 	_g.fns = append(_g.fns, fns...)
 	return _g
 }
 // Scan applies the selector query and scans the result into the given value.
 func (_g *AnnouncementGroupBy) Scan(ctx context.Context, v any) error {
 	ctx = setContextOp(ctx, _g.build.ctx, ent.OpQueryGroupBy)
 	if err := _g.build.prepareQuery(ctx); err != nil {
 		return err
 	}
 	return scanWithInterceptors[*AnnouncementQuery, *AnnouncementGroupBy](ctx, _g.build, _g, _g.build.inters, v)
 }
 func (_g *AnnouncementGroupBy) sqlScan(ctx context.Context, root *AnnouncementQuery, v any) error {
 	selector := root.sqlQuery(ctx).Select()
 	aggregation := make([]string, 0, len(_g.fns))
 	for _, fn := range _g.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
 	if len(selector.SelectedColumns()) == 0 {
 		columns := make([]string, 0, len(*_g.flds)+len(_g.fns))
 		for _, f := range *_g.flds {
 			columns = append(columns, selector.C(f))
 		}
 		columns = append(columns, aggregation...)
 		selector.Select(columns...)
 	}
 	selector.GroupBy(selector.Columns(*_g.flds...)...)
 	if err := selector.Err(); err != nil {
 		return err
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
 	if err := _g.build.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()
 	return sql.ScanSlice(rows, v)
 }
 // AnnouncementSelect is the builder for selecting fields of Announcement entities.
 type AnnouncementSelect struct {
 	*AnnouncementQuery
 	selector
 }
 // Aggregate adds the given aggregation functions to the selector query.
 func (_s *AnnouncementSelect) Aggregate(fns ...AggregateFunc) *AnnouncementSelect {
 	_s.fns = append(_s.fns, fns...)
 	return _s
 }
 // Scan applies the selector query and scans the result into the given value.
 func (_s *AnnouncementSelect) Scan(ctx context.Context, v any) error {
 	ctx = setContextOp(ctx, _s.ctx, ent.OpQuerySelect)
 	if err := _s.prepareQuery(ctx); err != nil {
 		return err
 	}
 	return scanWithInterceptors[*AnnouncementQuery, *AnnouncementSelect](ctx, _s.AnnouncementQuery, _s, _s.inters, v)
 }
 func (_s *AnnouncementSelect) sqlScan(ctx context.Context, root *AnnouncementQuery, v any) error {
 	selector := root.sqlQuery(ctx)
 	aggregation := make([]string, 0, len(_s.fns))
 	for _, fn := range _s.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
 	switch n := len(*_s.selector.flds); {
 	case n == 0 && len(aggregation) > 0:
 		selector.Select(aggregation...)
 	case n != 0 && len(aggregation) > 0:
 		selector.AppendSelect(aggregation...)
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
 	if err := _s.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()
 	return sql.ScanSlice(rows, v)
 }
--- a/backend/ent/announcement_update.go
+++ b/backend/ent/announcement_update.go
@@ -0,0 +1,824 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"context"
 	"errors"
 	"fmt"
 	"time"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/announcement"
 	"github.com/Wei-Shaw/sub2api/ent/announcementread"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 	"github.com/Wei-Shaw/sub2api/internal/domain"
 )
 // AnnouncementUpdate is the builder for updating Announcement entities.
 type AnnouncementUpdate struct {
 	config
 	hooks    []Hook
 	mutation *AnnouncementMutation
 }
 // Where appends a list predicates to the AnnouncementUpdate builder.
 func (_u *AnnouncementUpdate) Where(ps ...predicate.Announcement) *AnnouncementUpdate {
 	_u.mutation.Where(ps...)
 	return _u
 }
 // SetTitle sets the "title" field.
 func (_u *AnnouncementUpdate) SetTitle(v string) *AnnouncementUpdate {
 	_u.mutation.SetTitle(v)
 	return _u
 }
 // SetNillableTitle sets the "title" field if the given value is not nil.
 func (_u *AnnouncementUpdate) SetNillableTitle(v *string) *AnnouncementUpdate {
 	if v != nil {
 		_u.SetTitle(*v)
 	}
 	return _u
 }
 // SetContent sets the "content" field.
 func (_u *AnnouncementUpdate) SetContent(v string) *AnnouncementUpdate {
 	_u.mutation.SetContent(v)
 	return _u
 }
 // SetNillableContent sets the "content" field if the given value is not nil.
 func (_u *AnnouncementUpdate) SetNillableContent(v *string) *AnnouncementUpdate {
 	if v != nil {
 		_u.SetContent(*v)
 	}
 	return _u
 }
 // SetStatus sets the "status" field.
 func (_u *AnnouncementUpdate) SetStatus(v string) *AnnouncementUpdate {
 	_u.mutation.SetStatus(v)
 	return _u
 }
 // SetNillableStatus sets the "status" field if the given value is not nil.
 func (_u *AnnouncementUpdate) SetNillableStatus(v *string) *AnnouncementUpdate {
 	if v != nil {
 		_u.SetStatus(*v)
 	}
 	return _u
 }
 // SetTargeting sets the "targeting" field.
 func (_u *AnnouncementUpdate) SetTargeting(v domain.AnnouncementTargeting) *AnnouncementUpdate {
 	_u.mutation.SetTargeting(v)
 	return _u
 }
 // SetNillableTargeting sets the "targeting" field if the given value is not nil.
 func (_u *AnnouncementUpdate) SetNillableTargeting(v *domain.AnnouncementTargeting) *AnnouncementUpdate {
 	if v != nil {
 		_u.SetTargeting(*v)
 	}
 	return _u
 }
 // ClearTargeting clears the value of the "targeting" field.
 func (_u *AnnouncementUpdate) ClearTargeting() *AnnouncementUpdate {
 	_u.mutation.ClearTargeting()
 	return _u
 }
 // SetStartsAt sets the "starts_at" field.
 func (_u *AnnouncementUpdate) SetStartsAt(v time.Time) *AnnouncementUpdate {
 	_u.mutation.SetStartsAt(v)
 	return _u
 }
 // SetNillableStartsAt sets the "starts_at" field if the given value is not nil.
 func (_u *AnnouncementUpdate) SetNillableStartsAt(v *time.Time) *AnnouncementUpdate {
 	if v != nil {
 		_u.SetStartsAt(*v)
 	}
 	return _u
 }
 // ClearStartsAt clears the value of the "starts_at" field.
 func (_u *AnnouncementUpdate) ClearStartsAt() *AnnouncementUpdate {
 	_u.mutation.ClearStartsAt()
 	return _u
 }
 // SetEndsAt sets the "ends_at" field.
 func (_u *AnnouncementUpdate) SetEndsAt(v time.Time) *AnnouncementUpdate {
 	_u.mutation.SetEndsAt(v)
 	return _u
 }
 // SetNillableEndsAt sets the "ends_at" field if the given value is not nil.
 func (_u *AnnouncementUpdate) SetNillableEndsAt(v *time.Time) *AnnouncementUpdate {
 	if v != nil {
 		_u.SetEndsAt(*v)
 	}
 	return _u
 }
 // ClearEndsAt clears the value of the "ends_at" field.
 func (_u *AnnouncementUpdate) ClearEndsAt() *AnnouncementUpdate {
 	_u.mutation.ClearEndsAt()
 	return _u
 }
 // SetCreatedBy sets the "created_by" field.
 func (_u *AnnouncementUpdate) SetCreatedBy(v int64) *AnnouncementUpdate {
 	_u.mutation.ResetCreatedBy()
 	_u.mutation.SetCreatedBy(v)
 	return _u
 }
 // SetNillableCreatedBy sets the "created_by" field if the given value is not nil.
 func (_u *AnnouncementUpdate) SetNillableCreatedBy(v *int64) *AnnouncementUpdate {
 	if v != nil {
 		_u.SetCreatedBy(*v)
 	}
 	return _u
 }
 // AddCreatedBy adds value to the "created_by" field.
 func (_u *AnnouncementUpdate) AddCreatedBy(v int64) *AnnouncementUpdate {
 	_u.mutation.AddCreatedBy(v)
 	return _u
 }
 // ClearCreatedBy clears the value of the "created_by" field.
 func (_u *AnnouncementUpdate) ClearCreatedBy() *AnnouncementUpdate {
 	_u.mutation.ClearCreatedBy()
 	return _u
 }
 // SetUpdatedBy sets the "updated_by" field.
 func (_u *AnnouncementUpdate) SetUpdatedBy(v int64) *AnnouncementUpdate {
 	_u.mutation.ResetUpdatedBy()
 	_u.mutation.SetUpdatedBy(v)
 	return _u
 }
 // SetNillableUpdatedBy sets the "updated_by" field if the given value is not nil.
 func (_u *AnnouncementUpdate) SetNillableUpdatedBy(v *int64) *AnnouncementUpdate {
 	if v != nil {
 		_u.SetUpdatedBy(*v)
 	}
 	return _u
 }
 // AddUpdatedBy adds value to the "updated_by" field.
 func (_u *AnnouncementUpdate) AddUpdatedBy(v int64) *AnnouncementUpdate {
 	_u.mutation.AddUpdatedBy(v)
 	return _u
 }
 // ClearUpdatedBy clears the value of the "updated_by" field.
 func (_u *AnnouncementUpdate) ClearUpdatedBy() *AnnouncementUpdate {
 	_u.mutation.ClearUpdatedBy()
 	return _u
 }
 // SetUpdatedAt sets the "updated_at" field.
 func (_u *AnnouncementUpdate) SetUpdatedAt(v time.Time) *AnnouncementUpdate {
 	_u.mutation.SetUpdatedAt(v)
 	return _u
 }
 // AddReadIDs adds the "reads" edge to the AnnouncementRead entity by IDs.
 func (_u *AnnouncementUpdate) AddReadIDs(ids ...int64) *AnnouncementUpdate {
 	_u.mutation.AddReadIDs(ids...)
 	return _u
 }
 // AddReads adds the "reads" edges to the AnnouncementRead entity.
 func (_u *AnnouncementUpdate) AddReads(v ...*AnnouncementRead) *AnnouncementUpdate {
 	ids := make([]int64, len(v))
 	for i := range v {
 		ids[i] = v[i].ID
 	}
 	return _u.AddReadIDs(ids...)
 }
 // Mutation returns the AnnouncementMutation object of the builder.
 func (_u *AnnouncementUpdate) Mutation() *AnnouncementMutation {
 	return _u.mutation
 }
 // ClearReads clears all "reads" edges to the AnnouncementRead entity.
 func (_u *AnnouncementUpdate) ClearReads() *AnnouncementUpdate {
 	_u.mutation.ClearReads()
 	return _u
 }
 // RemoveReadIDs removes the "reads" edge to AnnouncementRead entities by IDs.
 func (_u *AnnouncementUpdate) RemoveReadIDs(ids ...int64) *AnnouncementUpdate {
 	_u.mutation.RemoveReadIDs(ids...)
 	return _u
 }
 // RemoveReads removes "reads" edges to AnnouncementRead entities.
 func (_u *AnnouncementUpdate) RemoveReads(v ...*AnnouncementRead) *AnnouncementUpdate {
 	ids := make([]int64, len(v))
 	for i := range v {
 		ids[i] = v[i].ID
 	}
 	return _u.RemoveReadIDs(ids...)
 }
 // Save executes the query and returns the number of nodes affected by the update operation.
 func (_u *AnnouncementUpdate) Save(ctx context.Context) (int, error) {
 	_u.defaults()
 	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
 }
 // SaveX is like Save, but panics if an error occurs.
 func (_u *AnnouncementUpdate) SaveX(ctx context.Context) int {
 	affected, err := _u.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return affected
 }
 // Exec executes the query.
 func (_u *AnnouncementUpdate) Exec(ctx context.Context) error {
 	_, err := _u.Save(ctx)
 	return err
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_u *AnnouncementUpdate) ExecX(ctx context.Context) {
 	if err := _u.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 // defaults sets the default values of the builder before save.
 func (_u *AnnouncementUpdate) defaults() {
 	if _, ok := _u.mutation.UpdatedAt(); !ok {
 		v := announcement.UpdateDefaultUpdatedAt()
 		_u.mutation.SetUpdatedAt(v)
 	}
 }
 // check runs all checks and user-defined validators on the builder.
 func (_u *AnnouncementUpdate) check() error {
 	if v, ok := _u.mutation.Title(); ok {
 		if err := announcement.TitleValidator(v); err != nil {
 			return &ValidationError{Name: "title", err: fmt.Errorf(`ent: validator failed for field "Announcement.title": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.Content(); ok {
 		if err := announcement.ContentValidator(v); err != nil {
 			return &ValidationError{Name: "content", err: fmt.Errorf(`ent: validator failed for field "Announcement.content": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.Status(); ok {
 		if err := announcement.StatusValidator(v); err != nil {
 			return &ValidationError{Name: "status", err: fmt.Errorf(`ent: validator failed for field "Announcement.status": %w`, err)}
 		}
 	}
 	return nil
 }
 func (_u *AnnouncementUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	if err := _u.check(); err != nil {
 		return _node, err
 	}
 	_spec := sqlgraph.NewUpdateSpec(announcement.Table, announcement.Columns, sqlgraph.NewFieldSpec(announcement.FieldID, field.TypeInt64))
 	if ps := _u.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	if value, ok := _u.mutation.Title(); ok {
 		_spec.SetField(announcement.FieldTitle, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.Content(); ok {
 		_spec.SetField(announcement.FieldContent, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.Status(); ok {
 		_spec.SetField(announcement.FieldStatus, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.Targeting(); ok {
 		_spec.SetField(announcement.FieldTargeting, field.TypeJSON, value)
 	}
 	if _u.mutation.TargetingCleared() {
 		_spec.ClearField(announcement.FieldTargeting, field.TypeJSON)
 	}
 	if value, ok := _u.mutation.StartsAt(); ok {
 		_spec.SetField(announcement.FieldStartsAt, field.TypeTime, value)
 	}
 	if _u.mutation.StartsAtCleared() {
 		_spec.ClearField(announcement.FieldStartsAt, field.TypeTime)
 	}
 	if value, ok := _u.mutation.EndsAt(); ok {
 		_spec.SetField(announcement.FieldEndsAt, field.TypeTime, value)
 	}
 	if _u.mutation.EndsAtCleared() {
 		_spec.ClearField(announcement.FieldEndsAt, field.TypeTime)
 	}
 	if value, ok := _u.mutation.CreatedBy(); ok {
 		_spec.SetField(announcement.FieldCreatedBy, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.AddedCreatedBy(); ok {
 		_spec.AddField(announcement.FieldCreatedBy, field.TypeInt64, value)
 	}
 	if _u.mutation.CreatedByCleared() {
 		_spec.ClearField(announcement.FieldCreatedBy, field.TypeInt64)
 	}
 	if value, ok := _u.mutation.UpdatedBy(); ok {
 		_spec.SetField(announcement.FieldUpdatedBy, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.AddedUpdatedBy(); ok {
 		_spec.AddField(announcement.FieldUpdatedBy, field.TypeInt64, value)
 	}
 	if _u.mutation.UpdatedByCleared() {
 		_spec.ClearField(announcement.FieldUpdatedBy, field.TypeInt64)
 	}
 	if value, ok := _u.mutation.UpdatedAt(); ok {
 		_spec.SetField(announcement.FieldUpdatedAt, field.TypeTime, value)
 	}
 	if _u.mutation.ReadsCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
 			Table:   announcement.ReadsTable,
 			Columns: []string{announcement.ReadsColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64),
 			},
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
 	if nodes := _u.mutation.RemovedReadsIDs(); len(nodes) > 0 && !_u.mutation.ReadsCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
 			Table:   announcement.ReadsTable,
 			Columns: []string{announcement.ReadsColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64),
 			},
 		}
 		for _, k := range nodes {
 			edge.Target.Nodes = append(edge.Target.Nodes, k)
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
 	if nodes := _u.mutation.ReadsIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
 			Table:   announcement.ReadsTable,
 			Columns: []string{announcement.ReadsColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64),
 			},
 		}
 		for _, k := range nodes {
 			edge.Target.Nodes = append(edge.Target.Nodes, k)
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
 	if _node, err = sqlgraph.UpdateNodes(ctx, _u.driver, _spec); err != nil {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{announcement.Label}
 		} else if sqlgraph.IsConstraintError(err) {
 			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return 0, err
 	}
 	_u.mutation.done = true
 	return _node, nil
 }
 // AnnouncementUpdateOne is the builder for updating a single Announcement entity.
 type AnnouncementUpdateOne struct {
 	config
 	fields   []string
 	hooks    []Hook
 	mutation *AnnouncementMutation
 }
 // SetTitle sets the "title" field.
 func (_u *AnnouncementUpdateOne) SetTitle(v string) *AnnouncementUpdateOne {
 	_u.mutation.SetTitle(v)
 	return _u
 }
 // SetNillableTitle sets the "title" field if the given value is not nil.
 func (_u *AnnouncementUpdateOne) SetNillableTitle(v *string) *AnnouncementUpdateOne {
 	if v != nil {
 		_u.SetTitle(*v)
 	}
 	return _u
 }
 // SetContent sets the "content" field.
 func (_u *AnnouncementUpdateOne) SetContent(v string) *AnnouncementUpdateOne {
 	_u.mutation.SetContent(v)
 	return _u
 }
 // SetNillableContent sets the "content" field if the given value is not nil.
 func (_u *AnnouncementUpdateOne) SetNillableContent(v *string) *AnnouncementUpdateOne {
 	if v != nil {
 		_u.SetContent(*v)
 	}
 	return _u
 }
 // SetStatus sets the "status" field.
 func (_u *AnnouncementUpdateOne) SetStatus(v string) *AnnouncementUpdateOne {
 	_u.mutation.SetStatus(v)
 	return _u
 }
 // SetNillableStatus sets the "status" field if the given value is not nil.
 func (_u *AnnouncementUpdateOne) SetNillableStatus(v *string) *AnnouncementUpdateOne {
 	if v != nil {
 		_u.SetStatus(*v)
 	}
 	return _u
 }
 // SetTargeting sets the "targeting" field.
 func (_u *AnnouncementUpdateOne) SetTargeting(v domain.AnnouncementTargeting) *AnnouncementUpdateOne {
 	_u.mutation.SetTargeting(v)
 	return _u
 }
 // SetNillableTargeting sets the "targeting" field if the given value is not nil.
 func (_u *AnnouncementUpdateOne) SetNillableTargeting(v *domain.AnnouncementTargeting) *AnnouncementUpdateOne {
 	if v != nil {
 		_u.SetTargeting(*v)
 	}
 	return _u
 }
 // ClearTargeting clears the value of the "targeting" field.
 func (_u *AnnouncementUpdateOne) ClearTargeting() *AnnouncementUpdateOne {
 	_u.mutation.ClearTargeting()
 	return _u
 }
 // SetStartsAt sets the "starts_at" field.
 func (_u *AnnouncementUpdateOne) SetStartsAt(v time.Time) *AnnouncementUpdateOne {
 	_u.mutation.SetStartsAt(v)
 	return _u
 }
 // SetNillableStartsAt sets the "starts_at" field if the given value is not nil.
 func (_u *AnnouncementUpdateOne) SetNillableStartsAt(v *time.Time) *AnnouncementUpdateOne {
 	if v != nil {
 		_u.SetStartsAt(*v)
 	}
 	return _u
 }
 // ClearStartsAt clears the value of the "starts_at" field.
 func (_u *AnnouncementUpdateOne) ClearStartsAt() *AnnouncementUpdateOne {
 	_u.mutation.ClearStartsAt()
 	return _u
 }
 // SetEndsAt sets the "ends_at" field.
 func (_u *AnnouncementUpdateOne) SetEndsAt(v time.Time) *AnnouncementUpdateOne {
 	_u.mutation.SetEndsAt(v)
 	return _u
 }
 // SetNillableEndsAt sets the "ends_at" field if the given value is not nil.
 func (_u *AnnouncementUpdateOne) SetNillableEndsAt(v *time.Time) *AnnouncementUpdateOne {
 	if v != nil {
 		_u.SetEndsAt(*v)
 	}
 	return _u
 }
 // ClearEndsAt clears the value of the "ends_at" field.
 func (_u *AnnouncementUpdateOne) ClearEndsAt() *AnnouncementUpdateOne {
 	_u.mutation.ClearEndsAt()
 	return _u
 }
 // SetCreatedBy sets the "created_by" field.
 func (_u *AnnouncementUpdateOne) SetCreatedBy(v int64) *AnnouncementUpdateOne {
 	_u.mutation.ResetCreatedBy()
 	_u.mutation.SetCreatedBy(v)
 	return _u
 }
 // SetNillableCreatedBy sets the "created_by" field if the given value is not nil.
 func (_u *AnnouncementUpdateOne) SetNillableCreatedBy(v *int64) *AnnouncementUpdateOne {
 	if v != nil {
 		_u.SetCreatedBy(*v)
 	}
 	return _u
 }
 // AddCreatedBy adds value to the "created_by" field.
 func (_u *AnnouncementUpdateOne) AddCreatedBy(v int64) *AnnouncementUpdateOne {
 	_u.mutation.AddCreatedBy(v)
 	return _u
 }
 // ClearCreatedBy clears the value of the "created_by" field.
 func (_u *AnnouncementUpdateOne) ClearCreatedBy() *AnnouncementUpdateOne {
 	_u.mutation.ClearCreatedBy()
 	return _u
 }
 // SetUpdatedBy sets the "updated_by" field.
 func (_u *AnnouncementUpdateOne) SetUpdatedBy(v int64) *AnnouncementUpdateOne {
 	_u.mutation.ResetUpdatedBy()
 	_u.mutation.SetUpdatedBy(v)
 	return _u
 }
 // SetNillableUpdatedBy sets the "updated_by" field if the given value is not nil.
 func (_u *AnnouncementUpdateOne) SetNillableUpdatedBy(v *int64) *AnnouncementUpdateOne {
 	if v != nil {
 		_u.SetUpdatedBy(*v)
 	}
 	return _u
 }
 // AddUpdatedBy adds value to the "updated_by" field.
 func (_u *AnnouncementUpdateOne) AddUpdatedBy(v int64) *AnnouncementUpdateOne {
 	_u.mutation.AddUpdatedBy(v)
 	return _u
 }
 // ClearUpdatedBy clears the value of the "updated_by" field.
 func (_u *AnnouncementUpdateOne) ClearUpdatedBy() *AnnouncementUpdateOne {
 	_u.mutation.ClearUpdatedBy()
 	return _u
 }
 // SetUpdatedAt sets the "updated_at" field.
 func (_u *AnnouncementUpdateOne) SetUpdatedAt(v time.Time) *AnnouncementUpdateOne {
 	_u.mutation.SetUpdatedAt(v)
 	return _u
 }
 // AddReadIDs adds the "reads" edge to the AnnouncementRead entity by IDs.
 func (_u *AnnouncementUpdateOne) AddReadIDs(ids ...int64) *AnnouncementUpdateOne {
 	_u.mutation.AddReadIDs(ids...)
 	return _u
 }
 // AddReads adds the "reads" edges to the AnnouncementRead entity.
 func (_u *AnnouncementUpdateOne) AddReads(v ...*AnnouncementRead) *AnnouncementUpdateOne {
 	ids := make([]int64, len(v))
 	for i := range v {
 		ids[i] = v[i].ID
 	}
 	return _u.AddReadIDs(ids...)
 }
 // Mutation returns the AnnouncementMutation object of the builder.
 func (_u *AnnouncementUpdateOne) Mutation() *AnnouncementMutation {
 	return _u.mutation
 }
 // ClearReads clears all "reads" edges to the AnnouncementRead entity.
 func (_u *AnnouncementUpdateOne) ClearReads() *AnnouncementUpdateOne {
 	_u.mutation.ClearReads()
 	return _u
 }
 // RemoveReadIDs removes the "reads" edge to AnnouncementRead entities by IDs.
 func (_u *AnnouncementUpdateOne) RemoveReadIDs(ids ...int64) *AnnouncementUpdateOne {
 	_u.mutation.RemoveReadIDs(ids...)
 	return _u
 }
 // RemoveReads removes "reads" edges to AnnouncementRead entities.
 func (_u *AnnouncementUpdateOne) RemoveReads(v ...*AnnouncementRead) *AnnouncementUpdateOne {
 	ids := make([]int64, len(v))
 	for i := range v {
 		ids[i] = v[i].ID
 	}
 	return _u.RemoveReadIDs(ids...)
 }
 // Where appends a list predicates to the AnnouncementUpdate builder.
 func (_u *AnnouncementUpdateOne) Where(ps ...predicate.Announcement) *AnnouncementUpdateOne {
 	_u.mutation.Where(ps...)
 	return _u
 }
 // Select allows selecting one or more fields (columns) of the returned entity.
 // The default is selecting all fields defined in the entity schema.
 func (_u *AnnouncementUpdateOne) Select(field string, fields ...string) *AnnouncementUpdateOne {
 	_u.fields = append([]string{field}, fields...)
 	return _u
 }
 // Save executes the query and returns the updated Announcement entity.
 func (_u *AnnouncementUpdateOne) Save(ctx context.Context) (*Announcement, error) {
 	_u.defaults()
 	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
 }
 // SaveX is like Save, but panics if an error occurs.
 func (_u *AnnouncementUpdateOne) SaveX(ctx context.Context) *Announcement {
 	node, err := _u.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return node
 }
 // Exec executes the query on the entity.
 func (_u *AnnouncementUpdateOne) Exec(ctx context.Context) error {
 	_, err := _u.Save(ctx)
 	return err
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_u *AnnouncementUpdateOne) ExecX(ctx context.Context) {
 	if err := _u.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 // defaults sets the default values of the builder before save.
 func (_u *AnnouncementUpdateOne) defaults() {
 	if _, ok := _u.mutation.UpdatedAt(); !ok {
 		v := announcement.UpdateDefaultUpdatedAt()
 		_u.mutation.SetUpdatedAt(v)
 	}
 }
 // check runs all checks and user-defined validators on the builder.
 func (_u *AnnouncementUpdateOne) check() error {
 	if v, ok := _u.mutation.Title(); ok {
 		if err := announcement.TitleValidator(v); err != nil {
 			return &ValidationError{Name: "title", err: fmt.Errorf(`ent: validator failed for field "Announcement.title": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.Content(); ok {
 		if err := announcement.ContentValidator(v); err != nil {
 			return &ValidationError{Name: "content", err: fmt.Errorf(`ent: validator failed for field "Announcement.content": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.Status(); ok {
 		if err := announcement.StatusValidator(v); err != nil {
 			return &ValidationError{Name: "status", err: fmt.Errorf(`ent: validator failed for field "Announcement.status": %w`, err)}
 		}
 	}
 	return nil
 }
 func (_u *AnnouncementUpdateOne) sqlSave(ctx context.Context) (_node *Announcement, err error) {
 	if err := _u.check(); err != nil {
 		return _node, err
 	}
 	_spec := sqlgraph.NewUpdateSpec(announcement.Table, announcement.Columns, sqlgraph.NewFieldSpec(announcement.FieldID, field.TypeInt64))
 	id, ok := _u.mutation.ID()
 	if !ok {
 		return nil, &ValidationError{Name: "id", err: errors.New(`ent: missing "Announcement.id" for update`)}
 	}
 	_spec.Node.ID.Value = id
 	if fields := _u.fields; len(fields) > 0 {
 		_spec.Node.Columns = make([]string, 0, len(fields))
 		_spec.Node.Columns = append(_spec.Node.Columns, announcement.FieldID)
 		for _, f := range fields {
 			if !announcement.ValidColumn(f) {
 				return nil, &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
 			}
 			if f != announcement.FieldID {
 				_spec.Node.Columns = append(_spec.Node.Columns, f)
 			}
 		}
 	}
 	if ps := _u.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	if value, ok := _u.mutation.Title(); ok {
 		_spec.SetField(announcement.FieldTitle, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.Content(); ok {
 		_spec.SetField(announcement.FieldContent, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.Status(); ok {
 		_spec.SetField(announcement.FieldStatus, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.Targeting(); ok {
 		_spec.SetField(announcement.FieldTargeting, field.TypeJSON, value)
 	}
 	if _u.mutation.TargetingCleared() {
 		_spec.ClearField(announcement.FieldTargeting, field.TypeJSON)
 	}
 	if value, ok := _u.mutation.StartsAt(); ok {
 		_spec.SetField(announcement.FieldStartsAt, field.TypeTime, value)
 	}
 	if _u.mutation.StartsAtCleared() {
 		_spec.ClearField(announcement.FieldStartsAt, field.TypeTime)
 	}
 	if value, ok := _u.mutation.EndsAt(); ok {
 		_spec.SetField(announcement.FieldEndsAt, field.TypeTime, value)
 	}
 	if _u.mutation.EndsAtCleared() {
 		_spec.ClearField(announcement.FieldEndsAt, field.TypeTime)
 	}
 	if value, ok := _u.mutation.CreatedBy(); ok {
 		_spec.SetField(announcement.FieldCreatedBy, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.AddedCreatedBy(); ok {
 		_spec.AddField(announcement.FieldCreatedBy, field.TypeInt64, value)
 	}
 	if _u.mutation.CreatedByCleared() {
 		_spec.ClearField(announcement.FieldCreatedBy, field.TypeInt64)
 	}
 	if value, ok := _u.mutation.UpdatedBy(); ok {
 		_spec.SetField(announcement.FieldUpdatedBy, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.AddedUpdatedBy(); ok {
 		_spec.AddField(announcement.FieldUpdatedBy, field.TypeInt64, value)
 	}
 	if _u.mutation.UpdatedByCleared() {
 		_spec.ClearField(announcement.FieldUpdatedBy, field.TypeInt64)
 	}
 	if value, ok := _u.mutation.UpdatedAt(); ok {
 		_spec.SetField(announcement.FieldUpdatedAt, field.TypeTime, value)
 	}
 	if _u.mutation.ReadsCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
 			Table:   announcement.ReadsTable,
 			Columns: []string{announcement.ReadsColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64),
 			},
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
 	if nodes := _u.mutation.RemovedReadsIDs(); len(nodes) > 0 && !_u.mutation.ReadsCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
 			Table:   announcement.ReadsTable,
 			Columns: []string{announcement.ReadsColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64),
 			},
 		}
 		for _, k := range nodes {
 			edge.Target.Nodes = append(edge.Target.Nodes, k)
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
 	if nodes := _u.mutation.ReadsIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
 			Table:   announcement.ReadsTable,
 			Columns: []string{announcement.ReadsColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64),
 			},
 		}
 		for _, k := range nodes {
 			edge.Target.Nodes = append(edge.Target.Nodes, k)
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
 	_node = &Announcement{config: _u.config}
 	_spec.Assign = _node.assignValues
 	_spec.ScanValues = _node.scanValues
 	if err = sqlgraph.UpdateNode(ctx, _u.driver, _spec); err != nil {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{announcement.Label}
 		} else if sqlgraph.IsConstraintError(err) {
 			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
 	_u.mutation.done = true
 	return _node, nil
 }
--- a/backend/ent/announcementread.go
+++ b/backend/ent/announcementread.go
@@ -0,0 +1,185 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"fmt"
 	"strings"
 	"time"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect/sql"
 	"github.com/Wei-Shaw/sub2api/ent/announcement"
 	"github.com/Wei-Shaw/sub2api/ent/announcementread"
 	"github.com/Wei-Shaw/sub2api/ent/user"
 )
 // AnnouncementRead is the model entity for the AnnouncementRead schema.
 type AnnouncementRead struct {
 	config `json:"-"`
 	// ID of the ent.
 	ID int64 `json:"id,omitempty"`
 	// AnnouncementID holds the value of the "announcement_id" field.
 	AnnouncementID int64 `json:"announcement_id,omitempty"`
 	// UserID holds the value of the "user_id" field.
 	UserID int64 `json:"user_id,omitempty"`
 	// 用户首次已读时间
 	ReadAt time.Time `json:"read_at,omitempty"`
 	// CreatedAt holds the value of the "created_at" field.
 	CreatedAt time.Time `json:"created_at,omitempty"`
 	// Edges holds the relations/edges for other nodes in the graph.
 	// The values are being populated by the AnnouncementReadQuery when eager-loading is set.
 	Edges        AnnouncementReadEdges `json:"edges"`
 	selectValues sql.SelectValues
 }
 // AnnouncementReadEdges holds the relations/edges for other nodes in the graph.
 type AnnouncementReadEdges struct {
 	// Announcement holds the value of the announcement edge.
 	Announcement *Announcement `json:"announcement,omitempty"`
 	// User holds the value of the user edge.
 	User *User `json:"user,omitempty"`
 	// loadedTypes holds the information for reporting if a
 	// type was loaded (or requested) in eager-loading or not.
 	loadedTypes [2]bool
 }
 // AnnouncementOrErr returns the Announcement value or an error if the edge
 // was not loaded in eager-loading, or loaded but was not found.
 func (e AnnouncementReadEdges) AnnouncementOrErr() (*Announcement, error) {
 	if e.Announcement != nil {
 		return e.Announcement, nil
 	} else if e.loadedTypes[0] {
 		return nil, &NotFoundError{label: announcement.Label}
 	}
 	return nil, &NotLoadedError{edge: "announcement"}
 }
 // UserOrErr returns the User value or an error if the edge
 // was not loaded in eager-loading, or loaded but was not found.
 func (e AnnouncementReadEdges) UserOrErr() (*User, error) {
 	if e.User != nil {
 		return e.User, nil
 	} else if e.loadedTypes[1] {
 		return nil, &NotFoundError{label: user.Label}
 	}
 	return nil, &NotLoadedError{edge: "user"}
 }
 // scanValues returns the types for scanning values from sql.Rows.
 func (*AnnouncementRead) scanValues(columns []string) ([]any, error) {
 	values := make([]any, len(columns))
 	for i := range columns {
 		switch columns[i] {
 		case announcementread.FieldID, announcementread.FieldAnnouncementID, announcementread.FieldUserID:
 			values[i] = new(sql.NullInt64)
 		case announcementread.FieldReadAt, announcementread.FieldCreatedAt:
 			values[i] = new(sql.NullTime)
 		default:
 			values[i] = new(sql.UnknownType)
 		}
 	}
 	return values, nil
 }
 // assignValues assigns the values that were returned from sql.Rows (after scanning)
 // to the AnnouncementRead fields.
 func (_m *AnnouncementRead) assignValues(columns []string, values []any) error {
 	if m, n := len(values), len(columns); m < n {
 		return fmt.Errorf("mismatch number of scan values: %d != %d", m, n)
 	}
 	for i := range columns {
 		switch columns[i] {
 		case announcementread.FieldID:
 			value, ok := values[i].(*sql.NullInt64)
 			if !ok {
 				return fmt.Errorf("unexpected type %T for field id", value)
 			}
 			_m.ID = int64(value.Int64)
 		case announcementread.FieldAnnouncementID:
 			if value, ok := values[i].(*sql.NullInt64); !ok {
 				return fmt.Errorf("unexpected type %T for field announcement_id", values[i])
 			} else if value.Valid {
 				_m.AnnouncementID = value.Int64
 			}
 		case announcementread.FieldUserID:
 			if value, ok := values[i].(*sql.NullInt64); !ok {
 				return fmt.Errorf("unexpected type %T for field user_id", values[i])
 			} else if value.Valid {
 				_m.UserID = value.Int64
 			}
 		case announcementread.FieldReadAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field read_at", values[i])
 			} else if value.Valid {
 				_m.ReadAt = value.Time
 			}
 		case announcementread.FieldCreatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field created_at", values[i])
 			} else if value.Valid {
 				_m.CreatedAt = value.Time
 			}
 		default:
 			_m.selectValues.Set(columns[i], values[i])
 		}
 	}
 	return nil
 }
 // Value returns the ent.Value that was dynamically selected and assigned to the AnnouncementRead.
 // This includes values selected through modifiers, order, etc.
 func (_m *AnnouncementRead) Value(name string) (ent.Value, error) {
 	return _m.selectValues.Get(name)
 }
 // QueryAnnouncement queries the "announcement" edge of the AnnouncementRead entity.
 func (_m *AnnouncementRead) QueryAnnouncement() *AnnouncementQuery {
 	return NewAnnouncementReadClient(_m.config).QueryAnnouncement(_m)
 }
 // QueryUser queries the "user" edge of the AnnouncementRead entity.
 func (_m *AnnouncementRead) QueryUser() *UserQuery {
 	return NewAnnouncementReadClient(_m.config).QueryUser(_m)
 }
 // Update returns a builder for updating this AnnouncementRead.
 // Note that you need to call AnnouncementRead.Unwrap() before calling this method if this AnnouncementRead
 // was returned from a transaction, and the transaction was committed or rolled back.
 func (_m *AnnouncementRead) Update() *AnnouncementReadUpdateOne {
 	return NewAnnouncementReadClient(_m.config).UpdateOne(_m)
 }
 // Unwrap unwraps the AnnouncementRead entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
 func (_m *AnnouncementRead) Unwrap() *AnnouncementRead {
 	_tx, ok := _m.config.driver.(*txDriver)
 	if !ok {
 		panic("ent: AnnouncementRead is not a transactional entity")
 	}
 	_m.config.driver = _tx.drv
 	return _m
 }
 // String implements the fmt.Stringer.
 func (_m *AnnouncementRead) String() string {
 	var builder strings.Builder
 	builder.WriteString("AnnouncementRead(")
 	builder.WriteString(fmt.Sprintf("id=%v, ", _m.ID))
 	builder.WriteString("announcement_id=")
 	builder.WriteString(fmt.Sprintf("%v", _m.AnnouncementID))
 	builder.WriteString(", ")
 	builder.WriteString("user_id=")
 	builder.WriteString(fmt.Sprintf("%v", _m.UserID))
 	builder.WriteString(", ")
 	builder.WriteString("read_at=")
 	builder.WriteString(_m.ReadAt.Format(time.ANSIC))
 	builder.WriteString(", ")
 	builder.WriteString("created_at=")
 	builder.WriteString(_m.CreatedAt.Format(time.ANSIC))
 	builder.WriteByte(')')
 	return builder.String()
 }
 // AnnouncementReads is a parsable slice of AnnouncementRead.
 type AnnouncementReads []*AnnouncementRead
--- a/backend/ent/announcementread/announcementread.go
+++ b/backend/ent/announcementread/announcementread.go
@@ -0,0 +1,127 @@
 // Code generated by ent, DO NOT EDIT.
 package announcementread
 import (
 	"time"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 )
 const (
 	// Label holds the string label denoting the announcementread type in the database.
 	Label = "announcement_read"
 	// FieldID holds the string denoting the id field in the database.
 	FieldID = "id"
 	// FieldAnnouncementID holds the string denoting the announcement_id field in the database.
 	FieldAnnouncementID = "announcement_id"
 	// FieldUserID holds the string denoting the user_id field in the database.
 	FieldUserID = "user_id"
 	// FieldReadAt holds the string denoting the read_at field in the database.
 	FieldReadAt = "read_at"
 	// FieldCreatedAt holds the string denoting the created_at field in the database.
 	FieldCreatedAt = "created_at"
 	// EdgeAnnouncement holds the string denoting the announcement edge name in mutations.
 	EdgeAnnouncement = "announcement"
 	// EdgeUser holds the string denoting the user edge name in mutations.
 	EdgeUser = "user"
 	// Table holds the table name of the announcementread in the database.
 	Table = "announcement_reads"
 	// AnnouncementTable is the table that holds the announcement relation/edge.
 	AnnouncementTable = "announcement_reads"
 	// AnnouncementInverseTable is the table name for the Announcement entity.
 	// It exists in this package in order to avoid circular dependency with the "announcement" package.
 	AnnouncementInverseTable = "announcements"
 	// AnnouncementColumn is the table column denoting the announcement relation/edge.
 	AnnouncementColumn = "announcement_id"
 	// UserTable is the table that holds the user relation/edge.
 	UserTable = "announcement_reads"
 	// UserInverseTable is the table name for the User entity.
 	// It exists in this package in order to avoid circular dependency with the "user" package.
 	UserInverseTable = "users"
 	// UserColumn is the table column denoting the user relation/edge.
 	UserColumn = "user_id"
 )
 // Columns holds all SQL columns for announcementread fields.
 var Columns = []string{
 	FieldID,
 	FieldAnnouncementID,
 	FieldUserID,
 	FieldReadAt,
 	FieldCreatedAt,
 }
 // ValidColumn reports if the column name is valid (part of the table columns).
 func ValidColumn(column string) bool {
 	for i := range Columns {
 		if column == Columns[i] {
 			return true
 		}
 	}
 	return false
 }
 var (
 	// DefaultReadAt holds the default value on creation for the "read_at" field.
 	DefaultReadAt func() time.Time
 	// DefaultCreatedAt holds the default value on creation for the "created_at" field.
 	DefaultCreatedAt func() time.Time
 )
 // OrderOption defines the ordering options for the AnnouncementRead queries.
 type OrderOption func(*sql.Selector)
 // ByID orders the results by the id field.
 func ByID(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldID, opts...).ToFunc()
 }
 // ByAnnouncementID orders the results by the announcement_id field.
 func ByAnnouncementID(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldAnnouncementID, opts...).ToFunc()
 }
 // ByUserID orders the results by the user_id field.
 func ByUserID(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldUserID, opts...).ToFunc()
 }
 // ByReadAt orders the results by the read_at field.
 func ByReadAt(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldReadAt, opts...).ToFunc()
 }
 // ByCreatedAt orders the results by the created_at field.
 func ByCreatedAt(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldCreatedAt, opts...).ToFunc()
 }
 // ByAnnouncementField orders the results by announcement field.
 func ByAnnouncementField(field string, opts ...sql.OrderTermOption) OrderOption {
 	return func(s *sql.Selector) {
 		sqlgraph.OrderByNeighborTerms(s, newAnnouncementStep(), sql.OrderByField(field, opts...))
 	}
 }
 // ByUserField orders the results by user field.
 func ByUserField(field string, opts ...sql.OrderTermOption) OrderOption {
 	return func(s *sql.Selector) {
 		sqlgraph.OrderByNeighborTerms(s, newUserStep(), sql.OrderByField(field, opts...))
 	}
 }
 func newAnnouncementStep() *sqlgraph.Step {
 	return sqlgraph.NewStep(
 		sqlgraph.From(Table, FieldID),
 		sqlgraph.To(AnnouncementInverseTable, FieldID),
 		sqlgraph.Edge(sqlgraph.M2O, true, AnnouncementTable, AnnouncementColumn),
 	)
 }
 func newUserStep() *sqlgraph.Step {
 	return sqlgraph.NewStep(
 		sqlgraph.From(Table, FieldID),
 		sqlgraph.To(UserInverseTable, FieldID),
 		sqlgraph.Edge(sqlgraph.M2O, true, UserTable, UserColumn),
 	)
 }
--- a/backend/ent/announcementread/where.go
+++ b/backend/ent/announcementread/where.go
@@ -0,0 +1,257 @@
 // Code generated by ent, DO NOT EDIT.
 package announcementread
 import (
 	"time"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 )
 // ID filters vertices based on their ID field.
 func ID(id int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldEQ(FieldID, id))
 }
 // IDEQ applies the EQ predicate on the ID field.
 func IDEQ(id int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldEQ(FieldID, id))
 }
 // IDNEQ applies the NEQ predicate on the ID field.
 func IDNEQ(id int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldNEQ(FieldID, id))
 }
 // IDIn applies the In predicate on the ID field.
 func IDIn(ids ...int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldIn(FieldID, ids...))
 }
 // IDNotIn applies the NotIn predicate on the ID field.
 func IDNotIn(ids ...int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldNotIn(FieldID, ids...))
 }
 // IDGT applies the GT predicate on the ID field.
 func IDGT(id int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldGT(FieldID, id))
 }
 // IDGTE applies the GTE predicate on the ID field.
 func IDGTE(id int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldGTE(FieldID, id))
 }
 // IDLT applies the LT predicate on the ID field.
 func IDLT(id int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldLT(FieldID, id))
 }
 // IDLTE applies the LTE predicate on the ID field.
 func IDLTE(id int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldLTE(FieldID, id))
 }
 // AnnouncementID applies equality check predicate on the "announcement_id" field. It's identical to AnnouncementIDEQ.
 func AnnouncementID(v int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldEQ(FieldAnnouncementID, v))
 }
 // UserID applies equality check predicate on the "user_id" field. It's identical to UserIDEQ.
 func UserID(v int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldEQ(FieldUserID, v))
 }
 // ReadAt applies equality check predicate on the "read_at" field. It's identical to ReadAtEQ.
 func ReadAt(v time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldEQ(FieldReadAt, v))
 }
 // CreatedAt applies equality check predicate on the "created_at" field. It's identical to CreatedAtEQ.
 func CreatedAt(v time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldEQ(FieldCreatedAt, v))
 }
 // AnnouncementIDEQ applies the EQ predicate on the "announcement_id" field.
 func AnnouncementIDEQ(v int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldEQ(FieldAnnouncementID, v))
 }
 // AnnouncementIDNEQ applies the NEQ predicate on the "announcement_id" field.
 func AnnouncementIDNEQ(v int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldNEQ(FieldAnnouncementID, v))
 }
 // AnnouncementIDIn applies the In predicate on the "announcement_id" field.
 func AnnouncementIDIn(vs ...int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldIn(FieldAnnouncementID, vs...))
 }
 // AnnouncementIDNotIn applies the NotIn predicate on the "announcement_id" field.
 func AnnouncementIDNotIn(vs ...int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldNotIn(FieldAnnouncementID, vs...))
 }
 // UserIDEQ applies the EQ predicate on the "user_id" field.
 func UserIDEQ(v int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldEQ(FieldUserID, v))
 }
 // UserIDNEQ applies the NEQ predicate on the "user_id" field.
 func UserIDNEQ(v int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldNEQ(FieldUserID, v))
 }
 // UserIDIn applies the In predicate on the "user_id" field.
 func UserIDIn(vs ...int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldIn(FieldUserID, vs...))
 }
 // UserIDNotIn applies the NotIn predicate on the "user_id" field.
 func UserIDNotIn(vs ...int64) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldNotIn(FieldUserID, vs...))
 }
 // ReadAtEQ applies the EQ predicate on the "read_at" field.
 func ReadAtEQ(v time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldEQ(FieldReadAt, v))
 }
 // ReadAtNEQ applies the NEQ predicate on the "read_at" field.
 func ReadAtNEQ(v time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldNEQ(FieldReadAt, v))
 }
 // ReadAtIn applies the In predicate on the "read_at" field.
 func ReadAtIn(vs ...time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldIn(FieldReadAt, vs...))
 }
 // ReadAtNotIn applies the NotIn predicate on the "read_at" field.
 func ReadAtNotIn(vs ...time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldNotIn(FieldReadAt, vs...))
 }
 // ReadAtGT applies the GT predicate on the "read_at" field.
 func ReadAtGT(v time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldGT(FieldReadAt, v))
 }
 // ReadAtGTE applies the GTE predicate on the "read_at" field.
 func ReadAtGTE(v time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldGTE(FieldReadAt, v))
 }
 // ReadAtLT applies the LT predicate on the "read_at" field.
 func ReadAtLT(v time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldLT(FieldReadAt, v))
 }
 // ReadAtLTE applies the LTE predicate on the "read_at" field.
 func ReadAtLTE(v time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldLTE(FieldReadAt, v))
 }
 // CreatedAtEQ applies the EQ predicate on the "created_at" field.
 func CreatedAtEQ(v time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldEQ(FieldCreatedAt, v))
 }
 // CreatedAtNEQ applies the NEQ predicate on the "created_at" field.
 func CreatedAtNEQ(v time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldNEQ(FieldCreatedAt, v))
 }
 // CreatedAtIn applies the In predicate on the "created_at" field.
 func CreatedAtIn(vs ...time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldIn(FieldCreatedAt, vs...))
 }
 // CreatedAtNotIn applies the NotIn predicate on the "created_at" field.
 func CreatedAtNotIn(vs ...time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldNotIn(FieldCreatedAt, vs...))
 }
 // CreatedAtGT applies the GT predicate on the "created_at" field.
 func CreatedAtGT(v time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldGT(FieldCreatedAt, v))
 }
 // CreatedAtGTE applies the GTE predicate on the "created_at" field.
 func CreatedAtGTE(v time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldGTE(FieldCreatedAt, v))
 }
 // CreatedAtLT applies the LT predicate on the "created_at" field.
 func CreatedAtLT(v time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldLT(FieldCreatedAt, v))
 }
 // CreatedAtLTE applies the LTE predicate on the "created_at" field.
 func CreatedAtLTE(v time.Time) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.FieldLTE(FieldCreatedAt, v))
 }
 // HasAnnouncement applies the HasEdge predicate on the "announcement" edge.
 func HasAnnouncement() predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(func(s *sql.Selector) {
 		step := sqlgraph.NewStep(
 			sqlgraph.From(Table, FieldID),
 			sqlgraph.Edge(sqlgraph.M2O, true, AnnouncementTable, AnnouncementColumn),
 		)
 		sqlgraph.HasNeighbors(s, step)
 	})
 }
 // HasAnnouncementWith applies the HasEdge predicate on the "announcement" edge with a given conditions (other predicates).
 func HasAnnouncementWith(preds ...predicate.Announcement) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(func(s *sql.Selector) {
 		step := newAnnouncementStep()
 		sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) {
 			for _, p := range preds {
 				p(s)
 			}
 		})
 	})
 }
 // HasUser applies the HasEdge predicate on the "user" edge.
 func HasUser() predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(func(s *sql.Selector) {
 		step := sqlgraph.NewStep(
 			sqlgraph.From(Table, FieldID),
 			sqlgraph.Edge(sqlgraph.M2O, true, UserTable, UserColumn),
 		)
 		sqlgraph.HasNeighbors(s, step)
 	})
 }
 // HasUserWith applies the HasEdge predicate on the "user" edge with a given conditions (other predicates).
 func HasUserWith(preds ...predicate.User) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(func(s *sql.Selector) {
 		step := newUserStep()
 		sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) {
 			for _, p := range preds {
 				p(s)
 			}
 		})
 	})
 }
 // And groups predicates with the AND operator between them.
 func And(predicates ...predicate.AnnouncementRead) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.AndPredicates(predicates...))
 }
 // Or groups predicates with the OR operator between them.
 func Or(predicates ...predicate.AnnouncementRead) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.OrPredicates(predicates...))
 }
 // Not applies the not operator on the given predicate.
 func Not(p predicate.AnnouncementRead) predicate.AnnouncementRead {
 	return predicate.AnnouncementRead(sql.NotPredicates(p))
 }
--- a/backend/ent/announcementread_create.go
+++ b/backend/ent/announcementread_create.go
@@ -0,0 +1,660 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"context"
 	"errors"
 	"fmt"
 	"time"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/announcement"
 	"github.com/Wei-Shaw/sub2api/ent/announcementread"
 	"github.com/Wei-Shaw/sub2api/ent/user"
 )
 // AnnouncementReadCreate is the builder for creating a AnnouncementRead entity.
 type AnnouncementReadCreate struct {
 	config
 	mutation *AnnouncementReadMutation
 	hooks    []Hook
 	conflict []sql.ConflictOption
 }
 // SetAnnouncementID sets the "announcement_id" field.
 func (_c *AnnouncementReadCreate) SetAnnouncementID(v int64) *AnnouncementReadCreate {
 	_c.mutation.SetAnnouncementID(v)
 	return _c
 }
 // SetUserID sets the "user_id" field.
 func (_c *AnnouncementReadCreate) SetUserID(v int64) *AnnouncementReadCreate {
 	_c.mutation.SetUserID(v)
 	return _c
 }
 // SetReadAt sets the "read_at" field.
 func (_c *AnnouncementReadCreate) SetReadAt(v time.Time) *AnnouncementReadCreate {
 	_c.mutation.SetReadAt(v)
 	return _c
 }
 // SetNillableReadAt sets the "read_at" field if the given value is not nil.
 func (_c *AnnouncementReadCreate) SetNillableReadAt(v *time.Time) *AnnouncementReadCreate {
 	if v != nil {
 		_c.SetReadAt(*v)
 	}
 	return _c
 }
 // SetCreatedAt sets the "created_at" field.
 func (_c *AnnouncementReadCreate) SetCreatedAt(v time.Time) *AnnouncementReadCreate {
 	_c.mutation.SetCreatedAt(v)
 	return _c
 }
 // SetNillableCreatedAt sets the "created_at" field if the given value is not nil.
 func (_c *AnnouncementReadCreate) SetNillableCreatedAt(v *time.Time) *AnnouncementReadCreate {
 	if v != nil {
 		_c.SetCreatedAt(*v)
 	}
 	return _c
 }
 // SetAnnouncement sets the "announcement" edge to the Announcement entity.
 func (_c *AnnouncementReadCreate) SetAnnouncement(v *Announcement) *AnnouncementReadCreate {
 	return _c.SetAnnouncementID(v.ID)
 }
 // SetUser sets the "user" edge to the User entity.
 func (_c *AnnouncementReadCreate) SetUser(v *User) *AnnouncementReadCreate {
 	return _c.SetUserID(v.ID)
 }
 // Mutation returns the AnnouncementReadMutation object of the builder.
 func (_c *AnnouncementReadCreate) Mutation() *AnnouncementReadMutation {
 	return _c.mutation
 }
 // Save creates the AnnouncementRead in the database.
 func (_c *AnnouncementReadCreate) Save(ctx context.Context) (*AnnouncementRead, error) {
 	_c.defaults()
 	return withHooks(ctx, _c.sqlSave, _c.mutation, _c.hooks)
 }
 // SaveX calls Save and panics if Save returns an error.
 func (_c *AnnouncementReadCreate) SaveX(ctx context.Context) *AnnouncementRead {
 	v, err := _c.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return v
 }
 // Exec executes the query.
 func (_c *AnnouncementReadCreate) Exec(ctx context.Context) error {
 	_, err := _c.Save(ctx)
 	return err
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_c *AnnouncementReadCreate) ExecX(ctx context.Context) {
 	if err := _c.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 // defaults sets the default values of the builder before save.
 func (_c *AnnouncementReadCreate) defaults() {
 	if _, ok := _c.mutation.ReadAt(); !ok {
 		v := announcementread.DefaultReadAt()
 		_c.mutation.SetReadAt(v)
 	}
 	if _, ok := _c.mutation.CreatedAt(); !ok {
 		v := announcementread.DefaultCreatedAt()
 		_c.mutation.SetCreatedAt(v)
 	}
 }
 // check runs all checks and user-defined validators on the builder.
 func (_c *AnnouncementReadCreate) check() error {
 	if _, ok := _c.mutation.AnnouncementID(); !ok {
 		return &ValidationError{Name: "announcement_id", err: errors.New(`ent: missing required field "AnnouncementRead.announcement_id"`)}
 	}
 	if _, ok := _c.mutation.UserID(); !ok {
 		return &ValidationError{Name: "user_id", err: errors.New(`ent: missing required field "AnnouncementRead.user_id"`)}
 	}
 	if _, ok := _c.mutation.ReadAt(); !ok {
 		return &ValidationError{Name: "read_at", err: errors.New(`ent: missing required field "AnnouncementRead.read_at"`)}
 	}
 	if _, ok := _c.mutation.CreatedAt(); !ok {
 		return &ValidationError{Name: "created_at", err: errors.New(`ent: missing required field "AnnouncementRead.created_at"`)}
 	}
 	if len(_c.mutation.AnnouncementIDs()) == 0 {
 		return &ValidationError{Name: "announcement", err: errors.New(`ent: missing required edge "AnnouncementRead.announcement"`)}
 	}
 	if len(_c.mutation.UserIDs()) == 0 {
 		return &ValidationError{Name: "user", err: errors.New(`ent: missing required edge "AnnouncementRead.user"`)}
 	}
 	return nil
 }
 func (_c *AnnouncementReadCreate) sqlSave(ctx context.Context) (*AnnouncementRead, error) {
 	if err := _c.check(); err != nil {
 		return nil, err
 	}
 	_node, _spec := _c.createSpec()
 	if err := sqlgraph.CreateNode(ctx, _c.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
 			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
 	id := _spec.ID.Value.(int64)
 	_node.ID = int64(id)
 	_c.mutation.id = &_node.ID
 	_c.mutation.done = true
 	return _node, nil
 }
 func (_c *AnnouncementReadCreate) createSpec() (*AnnouncementRead, *sqlgraph.CreateSpec) {
 	var (
 		_node = &AnnouncementRead{config: _c.config}
 		_spec = sqlgraph.NewCreateSpec(announcementread.Table, sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64))
 	)
 	_spec.OnConflict = _c.conflict
 	if value, ok := _c.mutation.ReadAt(); ok {
 		_spec.SetField(announcementread.FieldReadAt, field.TypeTime, value)
 		_node.ReadAt = value
 	}
 	if value, ok := _c.mutation.CreatedAt(); ok {
 		_spec.SetField(announcementread.FieldCreatedAt, field.TypeTime, value)
 		_node.CreatedAt = value
 	}
 	if nodes := _c.mutation.AnnouncementIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
 			Table:   announcementread.AnnouncementTable,
 			Columns: []string{announcementread.AnnouncementColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcement.FieldID, field.TypeInt64),
 			},
 		}
 		for _, k := range nodes {
 			edge.Target.Nodes = append(edge.Target.Nodes, k)
 		}
 		_node.AnnouncementID = nodes[0]
 		_spec.Edges = append(_spec.Edges, edge)
 	}
 	if nodes := _c.mutation.UserIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
 			Table:   announcementread.UserTable,
 			Columns: []string{announcementread.UserColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(user.FieldID, field.TypeInt64),
 			},
 		}
 		for _, k := range nodes {
 			edge.Target.Nodes = append(edge.Target.Nodes, k)
 		}
 		_node.UserID = nodes[0]
 		_spec.Edges = append(_spec.Edges, edge)
 	}
 	return _node, _spec
 }
 // OnConflict allows configuring the `ON CONFLICT` / `ON DUPLICATE KEY` clause
 // of the `INSERT` statement. For example:
 //
 //	client.AnnouncementRead.Create().
 //		SetAnnouncementID(v).
 //		OnConflict(
 //			// Update the row with the new values
 //			// the was proposed for insertion.
 //			sql.ResolveWithNewValues(),
 //		).
 //		// Override some of the fields with custom
 //		// update values.
 //		Update(func(u *ent.AnnouncementReadUpsert) {
 //			SetAnnouncementID(v+v).
 //		}).
 //		Exec(ctx)
 func (_c *AnnouncementReadCreate) OnConflict(opts ...sql.ConflictOption) *AnnouncementReadUpsertOne {
 	_c.conflict = opts
 	return &AnnouncementReadUpsertOne{
 		create: _c,
 	}
 }
 // OnConflictColumns calls `OnConflict` and configures the columns
 // as conflict target. Using this option is equivalent to using:
 //
 //	client.AnnouncementRead.Create().
 //		OnConflict(sql.ConflictColumns(columns...)).
 //		Exec(ctx)
 func (_c *AnnouncementReadCreate) OnConflictColumns(columns ...string) *AnnouncementReadUpsertOne {
 	_c.conflict = append(_c.conflict, sql.ConflictColumns(columns...))
 	return &AnnouncementReadUpsertOne{
 		create: _c,
 	}
 }
 type (
 	// AnnouncementReadUpsertOne is the builder for "upsert"-ing
 	//  one AnnouncementRead node.
 	AnnouncementReadUpsertOne struct {
 		create *AnnouncementReadCreate
 	}
 	// AnnouncementReadUpsert is the "OnConflict" setter.
 	AnnouncementReadUpsert struct {
 		*sql.UpdateSet
 	}
 )
 // SetAnnouncementID sets the "announcement_id" field.
 func (u *AnnouncementReadUpsert) SetAnnouncementID(v int64) *AnnouncementReadUpsert {
 	u.Set(announcementread.FieldAnnouncementID, v)
 	return u
 }
 // UpdateAnnouncementID sets the "announcement_id" field to the value that was provided on create.
 func (u *AnnouncementReadUpsert) UpdateAnnouncementID() *AnnouncementReadUpsert {
 	u.SetExcluded(announcementread.FieldAnnouncementID)
 	return u
 }
 // SetUserID sets the "user_id" field.
 func (u *AnnouncementReadUpsert) SetUserID(v int64) *AnnouncementReadUpsert {
 	u.Set(announcementread.FieldUserID, v)
 	return u
 }
 // UpdateUserID sets the "user_id" field to the value that was provided on create.
 func (u *AnnouncementReadUpsert) UpdateUserID() *AnnouncementReadUpsert {
 	u.SetExcluded(announcementread.FieldUserID)
 	return u
 }
 // SetReadAt sets the "read_at" field.
 func (u *AnnouncementReadUpsert) SetReadAt(v time.Time) *AnnouncementReadUpsert {
 	u.Set(announcementread.FieldReadAt, v)
 	return u
 }
 // UpdateReadAt sets the "read_at" field to the value that was provided on create.
 func (u *AnnouncementReadUpsert) UpdateReadAt() *AnnouncementReadUpsert {
 	u.SetExcluded(announcementread.FieldReadAt)
 	return u
 }
 // UpdateNewValues updates the mutable fields using the new values that were set on create.
 // Using this option is equivalent to using:
 //
 //	client.AnnouncementRead.Create().
 //		OnConflict(
 //			sql.ResolveWithNewValues(),
 //		).
 //		Exec(ctx)
 func (u *AnnouncementReadUpsertOne) UpdateNewValues() *AnnouncementReadUpsertOne {
 	u.create.conflict = append(u.create.conflict, sql.ResolveWithNewValues())
 	u.create.conflict = append(u.create.conflict, sql.ResolveWith(func(s *sql.UpdateSet) {
 		if _, exists := u.create.mutation.CreatedAt(); exists {
 			s.SetIgnore(announcementread.FieldCreatedAt)
 		}
 	}))
 	return u
 }
 // Ignore sets each column to itself in case of conflict.
 // Using this option is equivalent to using:
 //
 //	client.AnnouncementRead.Create().
 //	    OnConflict(sql.ResolveWithIgnore()).
 //	    Exec(ctx)
 func (u *AnnouncementReadUpsertOne) Ignore() *AnnouncementReadUpsertOne {
 	u.create.conflict = append(u.create.conflict, sql.ResolveWithIgnore())
 	return u
 }
 // DoNothing configures the conflict_action to `DO NOTHING`.
 // Supported only by SQLite and PostgreSQL.
 func (u *AnnouncementReadUpsertOne) DoNothing() *AnnouncementReadUpsertOne {
 	u.create.conflict = append(u.create.conflict, sql.DoNothing())
 	return u
 }
 // Update allows overriding fields `UPDATE` values. See the AnnouncementReadCreate.OnConflict
 // documentation for more info.
 func (u *AnnouncementReadUpsertOne) Update(set func(*AnnouncementReadUpsert)) *AnnouncementReadUpsertOne {
 	u.create.conflict = append(u.create.conflict, sql.ResolveWith(func(update *sql.UpdateSet) {
 		set(&AnnouncementReadUpsert{UpdateSet: update})
 	}))
 	return u
 }
 // SetAnnouncementID sets the "announcement_id" field.
 func (u *AnnouncementReadUpsertOne) SetAnnouncementID(v int64) *AnnouncementReadUpsertOne {
 	return u.Update(func(s *AnnouncementReadUpsert) {
 		s.SetAnnouncementID(v)
 	})
 }
 // UpdateAnnouncementID sets the "announcement_id" field to the value that was provided on create.
 func (u *AnnouncementReadUpsertOne) UpdateAnnouncementID() *AnnouncementReadUpsertOne {
 	return u.Update(func(s *AnnouncementReadUpsert) {
 		s.UpdateAnnouncementID()
 	})
 }
 // SetUserID sets the "user_id" field.
 func (u *AnnouncementReadUpsertOne) SetUserID(v int64) *AnnouncementReadUpsertOne {
 	return u.Update(func(s *AnnouncementReadUpsert) {
 		s.SetUserID(v)
 	})
 }
 // UpdateUserID sets the "user_id" field to the value that was provided on create.
 func (u *AnnouncementReadUpsertOne) UpdateUserID() *AnnouncementReadUpsertOne {
 	return u.Update(func(s *AnnouncementReadUpsert) {
 		s.UpdateUserID()
 	})
 }
 // SetReadAt sets the "read_at" field.
 func (u *AnnouncementReadUpsertOne) SetReadAt(v time.Time) *AnnouncementReadUpsertOne {
 	return u.Update(func(s *AnnouncementReadUpsert) {
 		s.SetReadAt(v)
 	})
 }
 // UpdateReadAt sets the "read_at" field to the value that was provided on create.
 func (u *AnnouncementReadUpsertOne) UpdateReadAt() *AnnouncementReadUpsertOne {
 	return u.Update(func(s *AnnouncementReadUpsert) {
 		s.UpdateReadAt()
 	})
 }
 // Exec executes the query.
 func (u *AnnouncementReadUpsertOne) Exec(ctx context.Context) error {
 	if len(u.create.conflict) == 0 {
 		return errors.New("ent: missing options for AnnouncementReadCreate.OnConflict")
 	}
 	return u.create.Exec(ctx)
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (u *AnnouncementReadUpsertOne) ExecX(ctx context.Context) {
 	if err := u.create.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 // Exec executes the UPSERT query and returns the inserted/updated ID.
 func (u *AnnouncementReadUpsertOne) ID(ctx context.Context) (id int64, err error) {
 	node, err := u.create.Save(ctx)
 	if err != nil {
 		return id, err
 	}
 	return node.ID, nil
 }
 // IDX is like ID, but panics if an error occurs.
 func (u *AnnouncementReadUpsertOne) IDX(ctx context.Context) int64 {
 	id, err := u.ID(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return id
 }
 // AnnouncementReadCreateBulk is the builder for creating many AnnouncementRead entities in bulk.
 type AnnouncementReadCreateBulk struct {
 	config
 	err      error
 	builders []*AnnouncementReadCreate
 	conflict []sql.ConflictOption
 }
 // Save creates the AnnouncementRead entities in the database.
 func (_c *AnnouncementReadCreateBulk) Save(ctx context.Context) ([]*AnnouncementRead, error) {
 	if _c.err != nil {
 		return nil, _c.err
 	}
 	specs := make([]*sqlgraph.CreateSpec, len(_c.builders))
 	nodes := make([]*AnnouncementRead, len(_c.builders))
 	mutators := make([]Mutator, len(_c.builders))
 	for i := range _c.builders {
 		func(i int, root context.Context) {
 			builder := _c.builders[i]
 			builder.defaults()
 			var mut Mutator = MutateFunc(func(ctx context.Context, m Mutation) (Value, error) {
 				mutation, ok := m.(*AnnouncementReadMutation)
 				if !ok {
 					return nil, fmt.Errorf("unexpected mutation type %T", m)
 				}
 				if err := builder.check(); err != nil {
 					return nil, err
 				}
 				builder.mutation = mutation
 				var err error
 				nodes[i], specs[i] = builder.createSpec()
 				if i < len(mutators)-1 {
 					_, err = mutators[i+1].Mutate(root, _c.builders[i+1].mutation)
 				} else {
 					spec := &sqlgraph.BatchCreateSpec{Nodes: specs}
 					spec.OnConflict = _c.conflict
 					// Invoke the actual operation on the latest mutation in the chain.
 					if err = sqlgraph.BatchCreate(ctx, _c.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
 							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
 					}
 				}
 				if err != nil {
 					return nil, err
 				}
 				mutation.id = &nodes[i].ID
 				if specs[i].ID.Value != nil {
 					id := specs[i].ID.Value.(int64)
 					nodes[i].ID = int64(id)
 				}
 				mutation.done = true
 				return nodes[i], nil
 			})
 			for i := len(builder.hooks) - 1; i >= 0; i-- {
 				mut = builder.hooks[i](mut)
 			}
 			mutators[i] = mut
 		}(i, ctx)
 	}
 	if len(mutators) > 0 {
 		if _, err := mutators[0].Mutate(ctx, _c.builders[0].mutation); err != nil {
 			return nil, err
 		}
 	}
 	return nodes, nil
 }
 // SaveX is like Save, but panics if an error occurs.
 func (_c *AnnouncementReadCreateBulk) SaveX(ctx context.Context) []*AnnouncementRead {
 	v, err := _c.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return v
 }
 // Exec executes the query.
 func (_c *AnnouncementReadCreateBulk) Exec(ctx context.Context) error {
 	_, err := _c.Save(ctx)
 	return err
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_c *AnnouncementReadCreateBulk) ExecX(ctx context.Context) {
 	if err := _c.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 // OnConflict allows configuring the `ON CONFLICT` / `ON DUPLICATE KEY` clause
 // of the `INSERT` statement. For example:
 //
 //	client.AnnouncementRead.CreateBulk(builders...).
 //		OnConflict(
 //			// Update the row with the new values
 //			// the was proposed for insertion.
 //			sql.ResolveWithNewValues(),
 //		).
 //		// Override some of the fields with custom
 //		// update values.
 //		Update(func(u *ent.AnnouncementReadUpsert) {
 //			SetAnnouncementID(v+v).
 //		}).
 //		Exec(ctx)
 func (_c *AnnouncementReadCreateBulk) OnConflict(opts ...sql.ConflictOption) *AnnouncementReadUpsertBulk {
 	_c.conflict = opts
 	return &AnnouncementReadUpsertBulk{
 		create: _c,
 	}
 }
 // OnConflictColumns calls `OnConflict` and configures the columns
 // as conflict target. Using this option is equivalent to using:
 //
 //	client.AnnouncementRead.Create().
 //		OnConflict(sql.ConflictColumns(columns...)).
 //		Exec(ctx)
 func (_c *AnnouncementReadCreateBulk) OnConflictColumns(columns ...string) *AnnouncementReadUpsertBulk {
 	_c.conflict = append(_c.conflict, sql.ConflictColumns(columns...))
 	return &AnnouncementReadUpsertBulk{
 		create: _c,
 	}
 }
 // AnnouncementReadUpsertBulk is the builder for "upsert"-ing
 // a bulk of AnnouncementRead nodes.
 type AnnouncementReadUpsertBulk struct {
 	create *AnnouncementReadCreateBulk
 }
 // UpdateNewValues updates the mutable fields using the new values that
 // were set on create. Using this option is equivalent to using:
 //
 //	client.AnnouncementRead.Create().
 //		OnConflict(
 //			sql.ResolveWithNewValues(),
 //		).
 //		Exec(ctx)
 func (u *AnnouncementReadUpsertBulk) UpdateNewValues() *AnnouncementReadUpsertBulk {
 	u.create.conflict = append(u.create.conflict, sql.ResolveWithNewValues())
 	u.create.conflict = append(u.create.conflict, sql.ResolveWith(func(s *sql.UpdateSet) {
 		for _, b := range u.create.builders {
 			if _, exists := b.mutation.CreatedAt(); exists {
 				s.SetIgnore(announcementread.FieldCreatedAt)
 			}
 		}
 	}))
 	return u
 }
 // Ignore sets each column to itself in case of conflict.
 // Using this option is equivalent to using:
 //
 //	client.AnnouncementRead.Create().
 //		OnConflict(sql.ResolveWithIgnore()).
 //		Exec(ctx)
 func (u *AnnouncementReadUpsertBulk) Ignore() *AnnouncementReadUpsertBulk {
 	u.create.conflict = append(u.create.conflict, sql.ResolveWithIgnore())
 	return u
 }
 // DoNothing configures the conflict_action to `DO NOTHING`.
 // Supported only by SQLite and PostgreSQL.
 func (u *AnnouncementReadUpsertBulk) DoNothing() *AnnouncementReadUpsertBulk {
 	u.create.conflict = append(u.create.conflict, sql.DoNothing())
 	return u
 }
 // Update allows overriding fields `UPDATE` values. See the AnnouncementReadCreateBulk.OnConflict
 // documentation for more info.
 func (u *AnnouncementReadUpsertBulk) Update(set func(*AnnouncementReadUpsert)) *AnnouncementReadUpsertBulk {
 	u.create.conflict = append(u.create.conflict, sql.ResolveWith(func(update *sql.UpdateSet) {
 		set(&AnnouncementReadUpsert{UpdateSet: update})
 	}))
 	return u
 }
 // SetAnnouncementID sets the "announcement_id" field.
 func (u *AnnouncementReadUpsertBulk) SetAnnouncementID(v int64) *AnnouncementReadUpsertBulk {
 	return u.Update(func(s *AnnouncementReadUpsert) {
 		s.SetAnnouncementID(v)
 	})
 }
 // UpdateAnnouncementID sets the "announcement_id" field to the value that was provided on create.
 func (u *AnnouncementReadUpsertBulk) UpdateAnnouncementID() *AnnouncementReadUpsertBulk {
 	return u.Update(func(s *AnnouncementReadUpsert) {
 		s.UpdateAnnouncementID()
 	})
 }
 // SetUserID sets the "user_id" field.
 func (u *AnnouncementReadUpsertBulk) SetUserID(v int64) *AnnouncementReadUpsertBulk {
 	return u.Update(func(s *AnnouncementReadUpsert) {
 		s.SetUserID(v)
 	})
 }
 // UpdateUserID sets the "user_id" field to the value that was provided on create.
 func (u *AnnouncementReadUpsertBulk) UpdateUserID() *AnnouncementReadUpsertBulk {
 	return u.Update(func(s *AnnouncementReadUpsert) {
 		s.UpdateUserID()
 	})
 }
 // SetReadAt sets the "read_at" field.
 func (u *AnnouncementReadUpsertBulk) SetReadAt(v time.Time) *AnnouncementReadUpsertBulk {
 	return u.Update(func(s *AnnouncementReadUpsert) {
 		s.SetReadAt(v)
 	})
 }
 // UpdateReadAt sets the "read_at" field to the value that was provided on create.
 func (u *AnnouncementReadUpsertBulk) UpdateReadAt() *AnnouncementReadUpsertBulk {
 	return u.Update(func(s *AnnouncementReadUpsert) {
 		s.UpdateReadAt()
 	})
 }
 // Exec executes the query.
 func (u *AnnouncementReadUpsertBulk) Exec(ctx context.Context) error {
 	if u.create.err != nil {
 		return u.create.err
 	}
 	for i, b := range u.create.builders {
 		if len(b.conflict) != 0 {
 			return fmt.Errorf("ent: OnConflict was set for builder %d. Set it on the AnnouncementReadCreateBulk instead", i)
 		}
 	}
 	if len(u.create.conflict) == 0 {
 		return errors.New("ent: missing options for AnnouncementReadCreateBulk.OnConflict")
 	}
 	return u.create.Exec(ctx)
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (u *AnnouncementReadUpsertBulk) ExecX(ctx context.Context) {
 	if err := u.create.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
--- a/backend/ent/announcementread_delete.go
+++ b/backend/ent/announcementread_delete.go
@@ -0,0 +1,88 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"context"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/announcementread"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 )
 // AnnouncementReadDelete is the builder for deleting a AnnouncementRead entity.
 type AnnouncementReadDelete struct {
 	config
 	hooks    []Hook
 	mutation *AnnouncementReadMutation
 }
 // Where appends a list predicates to the AnnouncementReadDelete builder.
 func (_d *AnnouncementReadDelete) Where(ps ...predicate.AnnouncementRead) *AnnouncementReadDelete {
 	_d.mutation.Where(ps...)
 	return _d
 }
 // Exec executes the deletion query and returns how many vertices were deleted.
 func (_d *AnnouncementReadDelete) Exec(ctx context.Context) (int, error) {
 	return withHooks(ctx, _d.sqlExec, _d.mutation, _d.hooks)
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_d *AnnouncementReadDelete) ExecX(ctx context.Context) int {
 	n, err := _d.Exec(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return n
 }
 func (_d *AnnouncementReadDelete) sqlExec(ctx context.Context) (int, error) {
 	_spec := sqlgraph.NewDeleteSpec(announcementread.Table, sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64))
 	if ps := _d.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	affected, err := sqlgraph.DeleteNodes(ctx, _d.driver, _spec)
 	if err != nil && sqlgraph.IsConstraintError(err) {
 		err = &ConstraintError{msg: err.Error(), wrap: err}
 	}
 	_d.mutation.done = true
 	return affected, err
 }
 // AnnouncementReadDeleteOne is the builder for deleting a single AnnouncementRead entity.
 type AnnouncementReadDeleteOne struct {
 	_d *AnnouncementReadDelete
 }
 // Where appends a list predicates to the AnnouncementReadDelete builder.
 func (_d *AnnouncementReadDeleteOne) Where(ps ...predicate.AnnouncementRead) *AnnouncementReadDeleteOne {
 	_d._d.mutation.Where(ps...)
 	return _d
 }
 // Exec executes the deletion query.
 func (_d *AnnouncementReadDeleteOne) Exec(ctx context.Context) error {
 	n, err := _d._d.Exec(ctx)
 	switch {
 	case err != nil:
 		return err
 	case n == 0:
 		return &NotFoundError{announcementread.Label}
 	default:
 		return nil
 	}
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_d *AnnouncementReadDeleteOne) ExecX(ctx context.Context) {
 	if err := _d.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
--- a/backend/ent/announcementread_query.go
+++ b/backend/ent/announcementread_query.go
@@ -0,0 +1,718 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"context"
 	"fmt"
 	"math"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/announcement"
 	"github.com/Wei-Shaw/sub2api/ent/announcementread"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 	"github.com/Wei-Shaw/sub2api/ent/user"
 )
 // AnnouncementReadQuery is the builder for querying AnnouncementRead entities.
 type AnnouncementReadQuery struct {
 	config
 	ctx              *QueryContext
 	order            []announcementread.OrderOption
 	inters           []Interceptor
 	predicates       []predicate.AnnouncementRead
 	withAnnouncement *AnnouncementQuery
 	withUser         *UserQuery
 	modifiers        []func(*sql.Selector)
 	// intermediate query (i.e. traversal path).
 	sql  *sql.Selector
 	path func(context.Context) (*sql.Selector, error)
 }
 // Where adds a new predicate for the AnnouncementReadQuery builder.
 func (_q *AnnouncementReadQuery) Where(ps ...predicate.AnnouncementRead) *AnnouncementReadQuery {
 	_q.predicates = append(_q.predicates, ps...)
 	return _q
 }
 // Limit the number of records to be returned by this query.
 func (_q *AnnouncementReadQuery) Limit(limit int) *AnnouncementReadQuery {
 	_q.ctx.Limit = &limit
 	return _q
 }
 // Offset to start from.
 func (_q *AnnouncementReadQuery) Offset(offset int) *AnnouncementReadQuery {
 	_q.ctx.Offset = &offset
 	return _q
 }
 // Unique configures the query builder to filter duplicate records on query.
 // By default, unique is set to true, and can be disabled using this method.
 func (_q *AnnouncementReadQuery) Unique(unique bool) *AnnouncementReadQuery {
 	_q.ctx.Unique = &unique
 	return _q
 }
 // Order specifies how the records should be ordered.
 func (_q *AnnouncementReadQuery) Order(o ...announcementread.OrderOption) *AnnouncementReadQuery {
 	_q.order = append(_q.order, o...)
 	return _q
 }
 // QueryAnnouncement chains the current query on the "announcement" edge.
 func (_q *AnnouncementReadQuery) QueryAnnouncement() *AnnouncementQuery {
 	query := (&AnnouncementClient{config: _q.config}).Query()
 	query.path = func(ctx context.Context) (fromU *sql.Selector, err error) {
 		if err := _q.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
 		selector := _q.sqlQuery(ctx)
 		if err := selector.Err(); err != nil {
 			return nil, err
 		}
 		step := sqlgraph.NewStep(
 			sqlgraph.From(announcementread.Table, announcementread.FieldID, selector),
 			sqlgraph.To(announcement.Table, announcement.FieldID),
 			sqlgraph.Edge(sqlgraph.M2O, true, announcementread.AnnouncementTable, announcementread.AnnouncementColumn),
 		)
 		fromU = sqlgraph.SetNeighbors(_q.driver.Dialect(), step)
 		return fromU, nil
 	}
 	return query
 }
 // QueryUser chains the current query on the "user" edge.
 func (_q *AnnouncementReadQuery) QueryUser() *UserQuery {
 	query := (&UserClient{config: _q.config}).Query()
 	query.path = func(ctx context.Context) (fromU *sql.Selector, err error) {
 		if err := _q.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
 		selector := _q.sqlQuery(ctx)
 		if err := selector.Err(); err != nil {
 			return nil, err
 		}
 		step := sqlgraph.NewStep(
 			sqlgraph.From(announcementread.Table, announcementread.FieldID, selector),
 			sqlgraph.To(user.Table, user.FieldID),
 			sqlgraph.Edge(sqlgraph.M2O, true, announcementread.UserTable, announcementread.UserColumn),
 		)
 		fromU = sqlgraph.SetNeighbors(_q.driver.Dialect(), step)
 		return fromU, nil
 	}
 	return query
 }
 // First returns the first AnnouncementRead entity from the query.
 // Returns a *NotFoundError when no AnnouncementRead was found.
 func (_q *AnnouncementReadQuery) First(ctx context.Context) (*AnnouncementRead, error) {
 	nodes, err := _q.Limit(1).All(setContextOp(ctx, _q.ctx, ent.OpQueryFirst))
 	if err != nil {
 		return nil, err
 	}
 	if len(nodes) == 0 {
 		return nil, &NotFoundError{announcementread.Label}
 	}
 	return nodes[0], nil
 }
 // FirstX is like First, but panics if an error occurs.
 func (_q *AnnouncementReadQuery) FirstX(ctx context.Context) *AnnouncementRead {
 	node, err := _q.First(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
 	return node
 }
 // FirstID returns the first AnnouncementRead ID from the query.
 // Returns a *NotFoundError when no AnnouncementRead ID was found.
 func (_q *AnnouncementReadQuery) FirstID(ctx context.Context) (id int64, err error) {
 	var ids []int64
 	if ids, err = _q.Limit(1).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryFirstID)); err != nil {
 		return
 	}
 	if len(ids) == 0 {
 		err = &NotFoundError{announcementread.Label}
 		return
 	}
 	return ids[0], nil
 }
 // FirstIDX is like FirstID, but panics if an error occurs.
 func (_q *AnnouncementReadQuery) FirstIDX(ctx context.Context) int64 {
 	id, err := _q.FirstID(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
 	return id
 }
 // Only returns a single AnnouncementRead entity found by the query, ensuring it only returns one.
 // Returns a *NotSingularError when more than one AnnouncementRead entity is found.
 // Returns a *NotFoundError when no AnnouncementRead entities are found.
 func (_q *AnnouncementReadQuery) Only(ctx context.Context) (*AnnouncementRead, error) {
 	nodes, err := _q.Limit(2).All(setContextOp(ctx, _q.ctx, ent.OpQueryOnly))
 	if err != nil {
 		return nil, err
 	}
 	switch len(nodes) {
 	case 1:
 		return nodes[0], nil
 	case 0:
 		return nil, &NotFoundError{announcementread.Label}
 	default:
 		return nil, &NotSingularError{announcementread.Label}
 	}
 }
 // OnlyX is like Only, but panics if an error occurs.
 func (_q *AnnouncementReadQuery) OnlyX(ctx context.Context) *AnnouncementRead {
 	node, err := _q.Only(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return node
 }
 // OnlyID is like Only, but returns the only AnnouncementRead ID in the query.
 // Returns a *NotSingularError when more than one AnnouncementRead ID is found.
 // Returns a *NotFoundError when no entities are found.
 func (_q *AnnouncementReadQuery) OnlyID(ctx context.Context) (id int64, err error) {
 	var ids []int64
 	if ids, err = _q.Limit(2).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryOnlyID)); err != nil {
 		return
 	}
 	switch len(ids) {
 	case 1:
 		id = ids[0]
 	case 0:
 		err = &NotFoundError{announcementread.Label}
 	default:
 		err = &NotSingularError{announcementread.Label}
 	}
 	return
 }
 // OnlyIDX is like OnlyID, but panics if an error occurs.
 func (_q *AnnouncementReadQuery) OnlyIDX(ctx context.Context) int64 {
 	id, err := _q.OnlyID(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return id
 }
 // All executes the query and returns a list of AnnouncementReads.
 func (_q *AnnouncementReadQuery) All(ctx context.Context) ([]*AnnouncementRead, error) {
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryAll)
 	if err := _q.prepareQuery(ctx); err != nil {
 		return nil, err
 	}
 	qr := querierAll[[]*AnnouncementRead, *AnnouncementReadQuery]()
 	return withInterceptors[[]*AnnouncementRead](ctx, _q, qr, _q.inters)
 }
 // AllX is like All, but panics if an error occurs.
 func (_q *AnnouncementReadQuery) AllX(ctx context.Context) []*AnnouncementRead {
 	nodes, err := _q.All(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return nodes
 }
 // IDs executes the query and returns a list of AnnouncementRead IDs.
 func (_q *AnnouncementReadQuery) IDs(ctx context.Context) (ids []int64, err error) {
 	if _q.ctx.Unique == nil && _q.path != nil {
 		_q.Unique(true)
 	}
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryIDs)
 	if err = _q.Select(announcementread.FieldID).Scan(ctx, &ids); err != nil {
 		return nil, err
 	}
 	return ids, nil
 }
 // IDsX is like IDs, but panics if an error occurs.
 func (_q *AnnouncementReadQuery) IDsX(ctx context.Context) []int64 {
 	ids, err := _q.IDs(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return ids
 }
 // Count returns the count of the given query.
 func (_q *AnnouncementReadQuery) Count(ctx context.Context) (int, error) {
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryCount)
 	if err := _q.prepareQuery(ctx); err != nil {
 		return 0, err
 	}
 	return withInterceptors[int](ctx, _q, querierCount[*AnnouncementReadQuery](), _q.inters)
 }
 // CountX is like Count, but panics if an error occurs.
 func (_q *AnnouncementReadQuery) CountX(ctx context.Context) int {
 	count, err := _q.Count(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return count
 }
 // Exist returns true if the query has elements in the graph.
 func (_q *AnnouncementReadQuery) Exist(ctx context.Context) (bool, error) {
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryExist)
 	switch _, err := _q.FirstID(ctx); {
 	case IsNotFound(err):
 		return false, nil
 	case err != nil:
 		return false, fmt.Errorf("ent: check existence: %w", err)
 	default:
 		return true, nil
 	}
 }
 // ExistX is like Exist, but panics if an error occurs.
 func (_q *AnnouncementReadQuery) ExistX(ctx context.Context) bool {
 	exist, err := _q.Exist(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return exist
 }
 // Clone returns a duplicate of the AnnouncementReadQuery builder, including all associated steps. It can be
 // used to prepare common query builders and use them differently after the clone is made.
 func (_q *AnnouncementReadQuery) Clone() *AnnouncementReadQuery {
 	if _q == nil {
 		return nil
 	}
 	return &AnnouncementReadQuery{
 		config:           _q.config,
 		ctx:              _q.ctx.Clone(),
 		order:            append([]announcementread.OrderOption{}, _q.order...),
 		inters:           append([]Interceptor{}, _q.inters...),
 		predicates:       append([]predicate.AnnouncementRead{}, _q.predicates...),
 		withAnnouncement: _q.withAnnouncement.Clone(),
 		withUser:         _q.withUser.Clone(),
 		// clone intermediate query.
 		sql:  _q.sql.Clone(),
 		path: _q.path,
 	}
 }
 // WithAnnouncement tells the query-builder to eager-load the nodes that are connected to
 // the "announcement" edge. The optional arguments are used to configure the query builder of the edge.
 func (_q *AnnouncementReadQuery) WithAnnouncement(opts ...func(*AnnouncementQuery)) *AnnouncementReadQuery {
 	query := (&AnnouncementClient{config: _q.config}).Query()
 	for _, opt := range opts {
 		opt(query)
 	}
 	_q.withAnnouncement = query
 	return _q
 }
 // WithUser tells the query-builder to eager-load the nodes that are connected to
 // the "user" edge. The optional arguments are used to configure the query builder of the edge.
 func (_q *AnnouncementReadQuery) WithUser(opts ...func(*UserQuery)) *AnnouncementReadQuery {
 	query := (&UserClient{config: _q.config}).Query()
 	for _, opt := range opts {
 		opt(query)
 	}
 	_q.withUser = query
 	return _q
 }
 // GroupBy is used to group vertices by one or more fields/columns.
 // It is often used with aggregate functions, like: count, max, mean, min, sum.
 //
 // Example:
 //
 //	var v []struct {
 //		AnnouncementID int64 `json:"announcement_id,omitempty"`
 //		Count int `json:"count,omitempty"`
 //	}
 //
 //	client.AnnouncementRead.Query().
 //		GroupBy(announcementread.FieldAnnouncementID).
 //		Aggregate(ent.Count()).
 //		Scan(ctx, &v)
 func (_q *AnnouncementReadQuery) GroupBy(field string, fields ...string) *AnnouncementReadGroupBy {
 	_q.ctx.Fields = append([]string{field}, fields...)
 	grbuild := &AnnouncementReadGroupBy{build: _q}
 	grbuild.flds = &_q.ctx.Fields
 	grbuild.label = announcementread.Label
 	grbuild.scan = grbuild.Scan
 	return grbuild
 }
 // Select allows the selection one or more fields/columns for the given query,
 // instead of selecting all fields in the entity.
 //
 // Example:
 //
 //	var v []struct {
 //		AnnouncementID int64 `json:"announcement_id,omitempty"`
 //	}
 //
 //	client.AnnouncementRead.Query().
 //		Select(announcementread.FieldAnnouncementID).
 //		Scan(ctx, &v)
 func (_q *AnnouncementReadQuery) Select(fields ...string) *AnnouncementReadSelect {
 	_q.ctx.Fields = append(_q.ctx.Fields, fields...)
 	sbuild := &AnnouncementReadSelect{AnnouncementReadQuery: _q}
 	sbuild.label = announcementread.Label
 	sbuild.flds, sbuild.scan = &_q.ctx.Fields, sbuild.Scan
 	return sbuild
 }
 // Aggregate returns a AnnouncementReadSelect configured with the given aggregations.
 func (_q *AnnouncementReadQuery) Aggregate(fns ...AggregateFunc) *AnnouncementReadSelect {
 	return _q.Select().Aggregate(fns...)
 }
 func (_q *AnnouncementReadQuery) prepareQuery(ctx context.Context) error {
 	for _, inter := range _q.inters {
 		if inter == nil {
 			return fmt.Errorf("ent: uninitialized interceptor (forgotten import ent/runtime?)")
 		}
 		if trv, ok := inter.(Traverser); ok {
 			if err := trv.Traverse(ctx, _q); err != nil {
 				return err
 			}
 		}
 	}
 	for _, f := range _q.ctx.Fields {
 		if !announcementread.ValidColumn(f) {
 			return &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
 		}
 	}
 	if _q.path != nil {
 		prev, err := _q.path(ctx)
 		if err != nil {
 			return err
 		}
 		_q.sql = prev
 	}
 	return nil
 }
 func (_q *AnnouncementReadQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*AnnouncementRead, error) {
 	var (
 		nodes       = []*AnnouncementRead{}
 		_spec       = _q.querySpec()
 		loadedTypes = [2]bool{
 			_q.withAnnouncement != nil,
 			_q.withUser != nil,
 		}
 	)
 	_spec.ScanValues = func(columns []string) ([]any, error) {
 		return (*AnnouncementRead).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []any) error {
 		node := &AnnouncementRead{config: _q.config}
 		nodes = append(nodes, node)
 		node.Edges.loadedTypes = loadedTypes
 		return node.assignValues(columns, values)
 	}
 	if len(_q.modifiers) > 0 {
 		_spec.Modifiers = _q.modifiers
 	}
 	for i := range hooks {
 		hooks[i](ctx, _spec)
 	}
 	if err := sqlgraph.QueryNodes(ctx, _q.driver, _spec); err != nil {
 		return nil, err
 	}
 	if len(nodes) == 0 {
 		return nodes, nil
 	}
 	if query := _q.withAnnouncement; query != nil {
 		if err := _q.loadAnnouncement(ctx, query, nodes, nil,
 			func(n *AnnouncementRead, e *Announcement) { n.Edges.Announcement = e }); err != nil {
 			return nil, err
 		}
 	}
 	if query := _q.withUser; query != nil {
 		if err := _q.loadUser(ctx, query, nodes, nil,
 			func(n *AnnouncementRead, e *User) { n.Edges.User = e }); err != nil {
 			return nil, err
 		}
 	}
 	return nodes, nil
 }
 func (_q *AnnouncementReadQuery) loadAnnouncement(ctx context.Context, query *AnnouncementQuery, nodes []*AnnouncementRead, init func(*AnnouncementRead), assign func(*AnnouncementRead, *Announcement)) error {
 	ids := make([]int64, 0, len(nodes))
 	nodeids := make(map[int64][]*AnnouncementRead)
 	for i := range nodes {
 		fk := nodes[i].AnnouncementID
 		if _, ok := nodeids[fk]; !ok {
 			ids = append(ids, fk)
 		}
 		nodeids[fk] = append(nodeids[fk], nodes[i])
 	}
 	if len(ids) == 0 {
 		return nil
 	}
 	query.Where(announcement.IDIn(ids...))
 	neighbors, err := query.All(ctx)
 	if err != nil {
 		return err
 	}
 	for _, n := range neighbors {
 		nodes, ok := nodeids[n.ID]
 		if !ok {
 			return fmt.Errorf(`unexpected foreign-key "announcement_id" returned %v`, n.ID)
 		}
 		for i := range nodes {
 			assign(nodes[i], n)
 		}
 	}
 	return nil
 }
 func (_q *AnnouncementReadQuery) loadUser(ctx context.Context, query *UserQuery, nodes []*AnnouncementRead, init func(*AnnouncementRead), assign func(*AnnouncementRead, *User)) error {
 	ids := make([]int64, 0, len(nodes))
 	nodeids := make(map[int64][]*AnnouncementRead)
 	for i := range nodes {
 		fk := nodes[i].UserID
 		if _, ok := nodeids[fk]; !ok {
 			ids = append(ids, fk)
 		}
 		nodeids[fk] = append(nodeids[fk], nodes[i])
 	}
 	if len(ids) == 0 {
 		return nil
 	}
 	query.Where(user.IDIn(ids...))
 	neighbors, err := query.All(ctx)
 	if err != nil {
 		return err
 	}
 	for _, n := range neighbors {
 		nodes, ok := nodeids[n.ID]
 		if !ok {
 			return fmt.Errorf(`unexpected foreign-key "user_id" returned %v`, n.ID)
 		}
 		for i := range nodes {
 			assign(nodes[i], n)
 		}
 	}
 	return nil
 }
 func (_q *AnnouncementReadQuery) sqlCount(ctx context.Context) (int, error) {
 	_spec := _q.querySpec()
 	if len(_q.modifiers) > 0 {
 		_spec.Modifiers = _q.modifiers
 	}
 	_spec.Node.Columns = _q.ctx.Fields
 	if len(_q.ctx.Fields) > 0 {
 		_spec.Unique = _q.ctx.Unique != nil && *_q.ctx.Unique
 	}
 	return sqlgraph.CountNodes(ctx, _q.driver, _spec)
 }
 func (_q *AnnouncementReadQuery) querySpec() *sqlgraph.QuerySpec {
 	_spec := sqlgraph.NewQuerySpec(announcementread.Table, announcementread.Columns, sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64))
 	_spec.From = _q.sql
 	if unique := _q.ctx.Unique; unique != nil {
 		_spec.Unique = *unique
 	} else if _q.path != nil {
 		_spec.Unique = true
 	}
 	if fields := _q.ctx.Fields; len(fields) > 0 {
 		_spec.Node.Columns = make([]string, 0, len(fields))
 		_spec.Node.Columns = append(_spec.Node.Columns, announcementread.FieldID)
 		for i := range fields {
 			if fields[i] != announcementread.FieldID {
 				_spec.Node.Columns = append(_spec.Node.Columns, fields[i])
 			}
 		}
 		if _q.withAnnouncement != nil {
 			_spec.Node.AddColumnOnce(announcementread.FieldAnnouncementID)
 		}
 		if _q.withUser != nil {
 			_spec.Node.AddColumnOnce(announcementread.FieldUserID)
 		}
 	}
 	if ps := _q.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	if limit := _q.ctx.Limit; limit != nil {
 		_spec.Limit = *limit
 	}
 	if offset := _q.ctx.Offset; offset != nil {
 		_spec.Offset = *offset
 	}
 	if ps := _q.order; len(ps) > 0 {
 		_spec.Order = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	return _spec
 }
 func (_q *AnnouncementReadQuery) sqlQuery(ctx context.Context) *sql.Selector {
 	builder := sql.Dialect(_q.driver.Dialect())
 	t1 := builder.Table(announcementread.Table)
 	columns := _q.ctx.Fields
 	if len(columns) == 0 {
 		columns = announcementread.Columns
 	}
 	selector := builder.Select(t1.Columns(columns...)...).From(t1)
 	if _q.sql != nil {
 		selector = _q.sql
 		selector.Select(selector.Columns(columns...)...)
 	}
 	if _q.ctx.Unique != nil && *_q.ctx.Unique {
 		selector.Distinct()
 	}
 	for _, m := range _q.modifiers {
 		m(selector)
 	}
 	for _, p := range _q.predicates {
 		p(selector)
 	}
 	for _, p := range _q.order {
 		p(selector)
 	}
 	if offset := _q.ctx.Offset; offset != nil {
 		// limit is mandatory for offset clause. We start
 		// with default value, and override it below if needed.
 		selector.Offset(*offset).Limit(math.MaxInt32)
 	}
 	if limit := _q.ctx.Limit; limit != nil {
 		selector.Limit(*limit)
 	}
 	return selector
 }
 // ForUpdate locks the selected rows against concurrent updates, and prevent them from being
 // updated, deleted or "selected ... for update" by other sessions, until the transaction is
 // either committed or rolled-back.
 func (_q *AnnouncementReadQuery) ForUpdate(opts ...sql.LockOption) *AnnouncementReadQuery {
 	if _q.driver.Dialect() == dialect.Postgres {
 		_q.Unique(false)
 	}
 	_q.modifiers = append(_q.modifiers, func(s *sql.Selector) {
 		s.ForUpdate(opts...)
 	})
 	return _q
 }
 // ForShare behaves similarly to ForUpdate, except that it acquires a shared mode lock
 // on any rows that are read. Other sessions can read the rows, but cannot modify them
 // until your transaction commits.
 func (_q *AnnouncementReadQuery) ForShare(opts ...sql.LockOption) *AnnouncementReadQuery {
 	if _q.driver.Dialect() == dialect.Postgres {
 		_q.Unique(false)
 	}
 	_q.modifiers = append(_q.modifiers, func(s *sql.Selector) {
 		s.ForShare(opts...)
 	})
 	return _q
 }
 // AnnouncementReadGroupBy is the group-by builder for AnnouncementRead entities.
 type AnnouncementReadGroupBy struct {
 	selector
 	build *AnnouncementReadQuery
 }
 // Aggregate adds the given aggregation functions to the group-by query.
 func (_g *AnnouncementReadGroupBy) Aggregate(fns ...AggregateFunc) *AnnouncementReadGroupBy {
 	_g.fns = append(_g.fns, fns...)
 	return _g
 }
 // Scan applies the selector query and scans the result into the given value.
 func (_g *AnnouncementReadGroupBy) Scan(ctx context.Context, v any) error {
 	ctx = setContextOp(ctx, _g.build.ctx, ent.OpQueryGroupBy)
 	if err := _g.build.prepareQuery(ctx); err != nil {
 		return err
 	}
 	return scanWithInterceptors[*AnnouncementReadQuery, *AnnouncementReadGroupBy](ctx, _g.build, _g, _g.build.inters, v)
 }
 func (_g *AnnouncementReadGroupBy) sqlScan(ctx context.Context, root *AnnouncementReadQuery, v any) error {
 	selector := root.sqlQuery(ctx).Select()
 	aggregation := make([]string, 0, len(_g.fns))
 	for _, fn := range _g.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
 	if len(selector.SelectedColumns()) == 0 {
 		columns := make([]string, 0, len(*_g.flds)+len(_g.fns))
 		for _, f := range *_g.flds {
 			columns = append(columns, selector.C(f))
 		}
 		columns = append(columns, aggregation...)
 		selector.Select(columns...)
 	}
 	selector.GroupBy(selector.Columns(*_g.flds...)...)
 	if err := selector.Err(); err != nil {
 		return err
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
 	if err := _g.build.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()
 	return sql.ScanSlice(rows, v)
 }
 // AnnouncementReadSelect is the builder for selecting fields of AnnouncementRead entities.
 type AnnouncementReadSelect struct {
 	*AnnouncementReadQuery
 	selector
 }
 // Aggregate adds the given aggregation functions to the selector query.
 func (_s *AnnouncementReadSelect) Aggregate(fns ...AggregateFunc) *AnnouncementReadSelect {
 	_s.fns = append(_s.fns, fns...)
 	return _s
 }
 // Scan applies the selector query and scans the result into the given value.
 func (_s *AnnouncementReadSelect) Scan(ctx context.Context, v any) error {
 	ctx = setContextOp(ctx, _s.ctx, ent.OpQuerySelect)
 	if err := _s.prepareQuery(ctx); err != nil {
 		return err
 	}
 	return scanWithInterceptors[*AnnouncementReadQuery, *AnnouncementReadSelect](ctx, _s.AnnouncementReadQuery, _s, _s.inters, v)
 }
 func (_s *AnnouncementReadSelect) sqlScan(ctx context.Context, root *AnnouncementReadQuery, v any) error {
 	selector := root.sqlQuery(ctx)
 	aggregation := make([]string, 0, len(_s.fns))
 	for _, fn := range _s.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
 	switch n := len(*_s.selector.flds); {
 	case n == 0 && len(aggregation) > 0:
 		selector.Select(aggregation...)
 	case n != 0 && len(aggregation) > 0:
 		selector.AppendSelect(aggregation...)
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
 	if err := _s.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()
 	return sql.ScanSlice(rows, v)
 }
--- a/backend/ent/announcementread_update.go
+++ b/backend/ent/announcementread_update.go
@@ -0,0 +1,456 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"context"
 	"errors"
 	"fmt"
 	"time"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/announcement"
 	"github.com/Wei-Shaw/sub2api/ent/announcementread"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 	"github.com/Wei-Shaw/sub2api/ent/user"
 )
 // AnnouncementReadUpdate is the builder for updating AnnouncementRead entities.
 type AnnouncementReadUpdate struct {
 	config
 	hooks    []Hook
 	mutation *AnnouncementReadMutation
 }
 // Where appends a list predicates to the AnnouncementReadUpdate builder.
 func (_u *AnnouncementReadUpdate) Where(ps ...predicate.AnnouncementRead) *AnnouncementReadUpdate {
 	_u.mutation.Where(ps...)
 	return _u
 }
 // SetAnnouncementID sets the "announcement_id" field.
 func (_u *AnnouncementReadUpdate) SetAnnouncementID(v int64) *AnnouncementReadUpdate {
 	_u.mutation.SetAnnouncementID(v)
 	return _u
 }
 // SetNillableAnnouncementID sets the "announcement_id" field if the given value is not nil.
 func (_u *AnnouncementReadUpdate) SetNillableAnnouncementID(v *int64) *AnnouncementReadUpdate {
 	if v != nil {
 		_u.SetAnnouncementID(*v)
 	}
 	return _u
 }
 // SetUserID sets the "user_id" field.
 func (_u *AnnouncementReadUpdate) SetUserID(v int64) *AnnouncementReadUpdate {
 	_u.mutation.SetUserID(v)
 	return _u
 }
 // SetNillableUserID sets the "user_id" field if the given value is not nil.
 func (_u *AnnouncementReadUpdate) SetNillableUserID(v *int64) *AnnouncementReadUpdate {
 	if v != nil {
 		_u.SetUserID(*v)
 	}
 	return _u
 }
 // SetReadAt sets the "read_at" field.
 func (_u *AnnouncementReadUpdate) SetReadAt(v time.Time) *AnnouncementReadUpdate {
 	_u.mutation.SetReadAt(v)
 	return _u
 }
 // SetNillableReadAt sets the "read_at" field if the given value is not nil.
 func (_u *AnnouncementReadUpdate) SetNillableReadAt(v *time.Time) *AnnouncementReadUpdate {
 	if v != nil {
 		_u.SetReadAt(*v)
 	}
 	return _u
 }
 // SetAnnouncement sets the "announcement" edge to the Announcement entity.
 func (_u *AnnouncementReadUpdate) SetAnnouncement(v *Announcement) *AnnouncementReadUpdate {
 	return _u.SetAnnouncementID(v.ID)
 }
 // SetUser sets the "user" edge to the User entity.
 func (_u *AnnouncementReadUpdate) SetUser(v *User) *AnnouncementReadUpdate {
 	return _u.SetUserID(v.ID)
 }
 // Mutation returns the AnnouncementReadMutation object of the builder.
 func (_u *AnnouncementReadUpdate) Mutation() *AnnouncementReadMutation {
 	return _u.mutation
 }
 // ClearAnnouncement clears the "announcement" edge to the Announcement entity.
 func (_u *AnnouncementReadUpdate) ClearAnnouncement() *AnnouncementReadUpdate {
 	_u.mutation.ClearAnnouncement()
 	return _u
 }
 // ClearUser clears the "user" edge to the User entity.
 func (_u *AnnouncementReadUpdate) ClearUser() *AnnouncementReadUpdate {
 	_u.mutation.ClearUser()
 	return _u
 }
 // Save executes the query and returns the number of nodes affected by the update operation.
 func (_u *AnnouncementReadUpdate) Save(ctx context.Context) (int, error) {
 	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
 }
 // SaveX is like Save, but panics if an error occurs.
 func (_u *AnnouncementReadUpdate) SaveX(ctx context.Context) int {
 	affected, err := _u.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return affected
 }
 // Exec executes the query.
 func (_u *AnnouncementReadUpdate) Exec(ctx context.Context) error {
 	_, err := _u.Save(ctx)
 	return err
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_u *AnnouncementReadUpdate) ExecX(ctx context.Context) {
 	if err := _u.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 // check runs all checks and user-defined validators on the builder.
 func (_u *AnnouncementReadUpdate) check() error {
 	if _u.mutation.AnnouncementCleared() && len(_u.mutation.AnnouncementIDs()) > 0 {
 		return errors.New(`ent: clearing a required unique edge "AnnouncementRead.announcement"`)
 	}
 	if _u.mutation.UserCleared() && len(_u.mutation.UserIDs()) > 0 {
 		return errors.New(`ent: clearing a required unique edge "AnnouncementRead.user"`)
 	}
 	return nil
 }
 func (_u *AnnouncementReadUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	if err := _u.check(); err != nil {
 		return _node, err
 	}
 	_spec := sqlgraph.NewUpdateSpec(announcementread.Table, announcementread.Columns, sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64))
 	if ps := _u.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	if value, ok := _u.mutation.ReadAt(); ok {
 		_spec.SetField(announcementread.FieldReadAt, field.TypeTime, value)
 	}
 	if _u.mutation.AnnouncementCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
 			Table:   announcementread.AnnouncementTable,
 			Columns: []string{announcementread.AnnouncementColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcement.FieldID, field.TypeInt64),
 			},
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
 	if nodes := _u.mutation.AnnouncementIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
 			Table:   announcementread.AnnouncementTable,
 			Columns: []string{announcementread.AnnouncementColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcement.FieldID, field.TypeInt64),
 			},
 		}
 		for _, k := range nodes {
 			edge.Target.Nodes = append(edge.Target.Nodes, k)
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
 	if _u.mutation.UserCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
 			Table:   announcementread.UserTable,
 			Columns: []string{announcementread.UserColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(user.FieldID, field.TypeInt64),
 			},
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
 	if nodes := _u.mutation.UserIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
 			Table:   announcementread.UserTable,
 			Columns: []string{announcementread.UserColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(user.FieldID, field.TypeInt64),
 			},
 		}
 		for _, k := range nodes {
 			edge.Target.Nodes = append(edge.Target.Nodes, k)
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
 	if _node, err = sqlgraph.UpdateNodes(ctx, _u.driver, _spec); err != nil {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{announcementread.Label}
 		} else if sqlgraph.IsConstraintError(err) {
 			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return 0, err
 	}
 	_u.mutation.done = true
 	return _node, nil
 }
 // AnnouncementReadUpdateOne is the builder for updating a single AnnouncementRead entity.
 type AnnouncementReadUpdateOne struct {
 	config
 	fields   []string
 	hooks    []Hook
 	mutation *AnnouncementReadMutation
 }
 // SetAnnouncementID sets the "announcement_id" field.
 func (_u *AnnouncementReadUpdateOne) SetAnnouncementID(v int64) *AnnouncementReadUpdateOne {
 	_u.mutation.SetAnnouncementID(v)
 	return _u
 }
 // SetNillableAnnouncementID sets the "announcement_id" field if the given value is not nil.
 func (_u *AnnouncementReadUpdateOne) SetNillableAnnouncementID(v *int64) *AnnouncementReadUpdateOne {
 	if v != nil {
 		_u.SetAnnouncementID(*v)
 	}
 	return _u
 }
 // SetUserID sets the "user_id" field.
 func (_u *AnnouncementReadUpdateOne) SetUserID(v int64) *AnnouncementReadUpdateOne {
 	_u.mutation.SetUserID(v)
 	return _u
 }
 // SetNillableUserID sets the "user_id" field if the given value is not nil.
 func (_u *AnnouncementReadUpdateOne) SetNillableUserID(v *int64) *AnnouncementReadUpdateOne {
 	if v != nil {
 		_u.SetUserID(*v)
 	}
 	return _u
 }
 // SetReadAt sets the "read_at" field.
 func (_u *AnnouncementReadUpdateOne) SetReadAt(v time.Time) *AnnouncementReadUpdateOne {
 	_u.mutation.SetReadAt(v)
 	return _u
 }
 // SetNillableReadAt sets the "read_at" field if the given value is not nil.
 func (_u *AnnouncementReadUpdateOne) SetNillableReadAt(v *time.Time) *AnnouncementReadUpdateOne {
 	if v != nil {
 		_u.SetReadAt(*v)
 	}
 	return _u
 }
 // SetAnnouncement sets the "announcement" edge to the Announcement entity.
 func (_u *AnnouncementReadUpdateOne) SetAnnouncement(v *Announcement) *AnnouncementReadUpdateOne {
 	return _u.SetAnnouncementID(v.ID)
 }
 // SetUser sets the "user" edge to the User entity.
 func (_u *AnnouncementReadUpdateOne) SetUser(v *User) *AnnouncementReadUpdateOne {
 	return _u.SetUserID(v.ID)
 }
 // Mutation returns the AnnouncementReadMutation object of the builder.
 func (_u *AnnouncementReadUpdateOne) Mutation() *AnnouncementReadMutation {
 	return _u.mutation
 }
 // ClearAnnouncement clears the "announcement" edge to the Announcement entity.
 func (_u *AnnouncementReadUpdateOne) ClearAnnouncement() *AnnouncementReadUpdateOne {
 	_u.mutation.ClearAnnouncement()
 	return _u
 }
 // ClearUser clears the "user" edge to the User entity.
 func (_u *AnnouncementReadUpdateOne) ClearUser() *AnnouncementReadUpdateOne {
 	_u.mutation.ClearUser()
 	return _u
 }
 // Where appends a list predicates to the AnnouncementReadUpdate builder.
 func (_u *AnnouncementReadUpdateOne) Where(ps ...predicate.AnnouncementRead) *AnnouncementReadUpdateOne {
 	_u.mutation.Where(ps...)
 	return _u
 }
 // Select allows selecting one or more fields (columns) of the returned entity.
 // The default is selecting all fields defined in the entity schema.
 func (_u *AnnouncementReadUpdateOne) Select(field string, fields ...string) *AnnouncementReadUpdateOne {
 	_u.fields = append([]string{field}, fields...)
 	return _u
 }
 // Save executes the query and returns the updated AnnouncementRead entity.
 func (_u *AnnouncementReadUpdateOne) Save(ctx context.Context) (*AnnouncementRead, error) {
 	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
 }
 // SaveX is like Save, but panics if an error occurs.
 func (_u *AnnouncementReadUpdateOne) SaveX(ctx context.Context) *AnnouncementRead {
 	node, err := _u.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return node
 }
 // Exec executes the query on the entity.
 func (_u *AnnouncementReadUpdateOne) Exec(ctx context.Context) error {
 	_, err := _u.Save(ctx)
 	return err
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_u *AnnouncementReadUpdateOne) ExecX(ctx context.Context) {
 	if err := _u.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 // check runs all checks and user-defined validators on the builder.
 func (_u *AnnouncementReadUpdateOne) check() error {
 	if _u.mutation.AnnouncementCleared() && len(_u.mutation.AnnouncementIDs()) > 0 {
 		return errors.New(`ent: clearing a required unique edge "AnnouncementRead.announcement"`)
 	}
 	if _u.mutation.UserCleared() && len(_u.mutation.UserIDs()) > 0 {
 		return errors.New(`ent: clearing a required unique edge "AnnouncementRead.user"`)
 	}
 	return nil
 }
 func (_u *AnnouncementReadUpdateOne) sqlSave(ctx context.Context) (_node *AnnouncementRead, err error) {
 	if err := _u.check(); err != nil {
 		return _node, err
 	}
 	_spec := sqlgraph.NewUpdateSpec(announcementread.Table, announcementread.Columns, sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64))
 	id, ok := _u.mutation.ID()
 	if !ok {
 		return nil, &ValidationError{Name: "id", err: errors.New(`ent: missing "AnnouncementRead.id" for update`)}
 	}
 	_spec.Node.ID.Value = id
 	if fields := _u.fields; len(fields) > 0 {
 		_spec.Node.Columns = make([]string, 0, len(fields))
 		_spec.Node.Columns = append(_spec.Node.Columns, announcementread.FieldID)
 		for _, f := range fields {
 			if !announcementread.ValidColumn(f) {
 				return nil, &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
 			}
 			if f != announcementread.FieldID {
 				_spec.Node.Columns = append(_spec.Node.Columns, f)
 			}
 		}
 	}
 	if ps := _u.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	if value, ok := _u.mutation.ReadAt(); ok {
 		_spec.SetField(announcementread.FieldReadAt, field.TypeTime, value)
 	}
 	if _u.mutation.AnnouncementCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
 			Table:   announcementread.AnnouncementTable,
 			Columns: []string{announcementread.AnnouncementColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcement.FieldID, field.TypeInt64),
 			},
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
 	if nodes := _u.mutation.AnnouncementIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
 			Table:   announcementread.AnnouncementTable,
 			Columns: []string{announcementread.AnnouncementColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcement.FieldID, field.TypeInt64),
 			},
 		}
 		for _, k := range nodes {
 			edge.Target.Nodes = append(edge.Target.Nodes, k)
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
 	if _u.mutation.UserCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
 			Table:   announcementread.UserTable,
 			Columns: []string{announcementread.UserColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(user.FieldID, field.TypeInt64),
 			},
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
 	if nodes := _u.mutation.UserIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
 			Inverse: true,
 			Table:   announcementread.UserTable,
 			Columns: []string{announcementread.UserColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(user.FieldID, field.TypeInt64),
 			},
 		}
 		for _, k := range nodes {
 			edge.Target.Nodes = append(edge.Target.Nodes, k)
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
 	_node = &AnnouncementRead{config: _u.config}
 	_spec.Assign = _node.assignValues
 	_spec.ScanValues = _node.scanValues
 	if err = sqlgraph.UpdateNode(ctx, _u.driver, _spec); err != nil {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{announcementread.Label}
 		} else if sqlgraph.IsConstraintError(err) {
 			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
 	_u.mutation.done = true
 	return _node, nil
 }
--- a/backend/ent/apikey.go
+++ b/backend/ent/apikey.go
@@ -36,10 +36,18 @@ type APIKey struct {
 	GroupID *int64 `json:"group_id,omitempty"`
 	// Status holds the value of the "status" field.
 	Status string `json:"status,omitempty"`
 	// Last usage time of this API key
 	LastUsedAt *time.Time `json:"last_used_at,omitempty"`
 	// Allowed IPs/CIDRs, e.g. ["192.168.1.100", "10.0.0.0/8"]
 	IPWhitelist []string `json:"ip_whitelist,omitempty"`
 	// Blocked IPs/CIDRs
 	IPBlacklist []string `json:"ip_blacklist,omitempty"`
 	// Quota limit in USD for this API key (0 = unlimited)
 	Quota float64 `json:"quota,omitempty"`
 	// Used quota amount in USD
 	QuotaUsed float64 `json:"quota_used,omitempty"`
 	// Expiration time for this API key (null = never expires)
 	ExpiresAt *time.Time `json:"expires_at,omitempty"`
 	// Edges holds the relations/edges for other nodes in the graph.
 	// The values are being populated by the APIKeyQuery when eager-loading is set.
 	Edges        APIKeyEdges `json:"edges"`
@@ -97,11 +105,13 @@ func (*APIKey) scanValues(columns []string) ([]any, error) {
 		switch columns[i] {
 		case apikey.FieldIPWhitelist, apikey.FieldIPBlacklist:
 			values[i] = new([]byte)
 		case apikey.FieldQuota, apikey.FieldQuotaUsed:
 			values[i] = new(sql.NullFloat64)
 		case apikey.FieldID, apikey.FieldUserID, apikey.FieldGroupID:
 			values[i] = new(sql.NullInt64)
 		case apikey.FieldKey, apikey.FieldName, apikey.FieldStatus:
 			values[i] = new(sql.NullString)
-		case apikey.FieldCreatedAt, apikey.FieldUpdatedAt, apikey.FieldDeletedAt:
+		case apikey.FieldCreatedAt, apikey.FieldUpdatedAt, apikey.FieldDeletedAt, apikey.FieldLastUsedAt, apikey.FieldExpiresAt:
 			values[i] = new(sql.NullTime)
 		default:
 			values[i] = new(sql.UnknownType)
@@ -174,6 +184,13 @@ func (_m *APIKey) assignValues(columns []string, values []any) error {
 			} else if value.Valid {
 				_m.Status = value.String
 			}
 		case apikey.FieldLastUsedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field last_used_at", values[i])
 			} else if value.Valid {
 				_m.LastUsedAt = new(time.Time)
 				*_m.LastUsedAt = value.Time
 			}
 		case apikey.FieldIPWhitelist:
 			if value, ok := values[i].(*[]byte); !ok {
 				return fmt.Errorf("unexpected type %T for field ip_whitelist", values[i])
@@ -190,6 +207,25 @@ func (_m *APIKey) assignValues(columns []string, values []any) error {
 					return fmt.Errorf("unmarshal field ip_blacklist: %w", err)
 				}
 			}
 		case apikey.FieldQuota:
 			if value, ok := values[i].(*sql.NullFloat64); !ok {
 				return fmt.Errorf("unexpected type %T for field quota", values[i])
 			} else if value.Valid {
 				_m.Quota = value.Float64
 			}
 		case apikey.FieldQuotaUsed:
 			if value, ok := values[i].(*sql.NullFloat64); !ok {
 				return fmt.Errorf("unexpected type %T for field quota_used", values[i])
 			} else if value.Valid {
 				_m.QuotaUsed = value.Float64
 			}
 		case apikey.FieldExpiresAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field expires_at", values[i])
 			} else if value.Valid {
 				_m.ExpiresAt = new(time.Time)
 				*_m.ExpiresAt = value.Time
 			}
 		default:
 			_m.selectValues.Set(columns[i], values[i])
 		}
@@ -269,11 +305,27 @@ func (_m *APIKey) String() string {
 	builder.WriteString("status=")
 	builder.WriteString(_m.Status)
 	builder.WriteString(", ")
 	if v := _m.LastUsedAt; v != nil {
 		builder.WriteString("last_used_at=")
 		builder.WriteString(v.Format(time.ANSIC))
 	}
 	builder.WriteString(", ")
 	builder.WriteString("ip_whitelist=")
 	builder.WriteString(fmt.Sprintf("%v", _m.IPWhitelist))
 	builder.WriteString(", ")
 	builder.WriteString("ip_blacklist=")
 	builder.WriteString(fmt.Sprintf("%v", _m.IPBlacklist))
 	builder.WriteString(", ")
 	builder.WriteString("quota=")
 	builder.WriteString(fmt.Sprintf("%v", _m.Quota))
 	builder.WriteString(", ")
 	builder.WriteString("quota_used=")
 	builder.WriteString(fmt.Sprintf("%v", _m.QuotaUsed))
 	builder.WriteString(", ")
 	if v := _m.ExpiresAt; v != nil {
 		builder.WriteString("expires_at=")
 		builder.WriteString(v.Format(time.ANSIC))
 	}
 	builder.WriteByte(')')
 	return builder.String()
 }
--- a/backend/ent/apikey/apikey.go
+++ b/backend/ent/apikey/apikey.go
@@ -31,10 +31,18 @@ const (
 	FieldGroupID = "group_id"
 	// FieldStatus holds the string denoting the status field in the database.
 	FieldStatus = "status"
 	// FieldLastUsedAt holds the string denoting the last_used_at field in the database.
 	FieldLastUsedAt = "last_used_at"
 	// FieldIPWhitelist holds the string denoting the ip_whitelist field in the database.
 	FieldIPWhitelist = "ip_whitelist"
 	// FieldIPBlacklist holds the string denoting the ip_blacklist field in the database.
 	FieldIPBlacklist = "ip_blacklist"
 	// FieldQuota holds the string denoting the quota field in the database.
 	FieldQuota = "quota"
 	// FieldQuotaUsed holds the string denoting the quota_used field in the database.
 	FieldQuotaUsed = "quota_used"
 	// FieldExpiresAt holds the string denoting the expires_at field in the database.
 	FieldExpiresAt = "expires_at"
 	// EdgeUser holds the string denoting the user edge name in mutations.
 	EdgeUser = "user"
 	// EdgeGroup holds the string denoting the group edge name in mutations.
@@ -77,8 +85,12 @@ var Columns = []string{
 	FieldName,
 	FieldGroupID,
 	FieldStatus,
 	FieldLastUsedAt,
 	FieldIPWhitelist,
 	FieldIPBlacklist,
 	FieldQuota,
 	FieldQuotaUsed,
 	FieldExpiresAt,
 }
 // ValidColumn reports if the column name is valid (part of the table columns).
@@ -113,6 +125,10 @@ var (
 	DefaultStatus string
 	// StatusValidator is a validator for the "status" field. It is called by the builders before save.
 	StatusValidator func(string) error
 	// DefaultQuota holds the default value on creation for the "quota" field.
 	DefaultQuota float64
 	// DefaultQuotaUsed holds the default value on creation for the "quota_used" field.
 	DefaultQuotaUsed float64
 )
 // OrderOption defines the ordering options for the APIKey queries.
@@ -163,6 +179,26 @@ func ByStatus(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldStatus, opts...).ToFunc()
 }
 // ByLastUsedAt orders the results by the last_used_at field.
 func ByLastUsedAt(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldLastUsedAt, opts...).ToFunc()
 }
 // ByQuota orders the results by the quota field.
 func ByQuota(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldQuota, opts...).ToFunc()
 }
 // ByQuotaUsed orders the results by the quota_used field.
 func ByQuotaUsed(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldQuotaUsed, opts...).ToFunc()
 }
 // ByExpiresAt orders the results by the expires_at field.
 func ByExpiresAt(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldExpiresAt, opts...).ToFunc()
 }
 // ByUserField orders the results by user field.
 func ByUserField(field string, opts ...sql.OrderTermOption) OrderOption {
 	return func(s *sql.Selector) {
--- a/backend/ent/apikey/where.go
+++ b/backend/ent/apikey/where.go
@@ -95,6 +95,26 @@ func Status(v string) predicate.APIKey {
 	return predicate.APIKey(sql.FieldEQ(FieldStatus, v))
 }
 // LastUsedAt applies equality check predicate on the "last_used_at" field. It's identical to LastUsedAtEQ.
 func LastUsedAt(v time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldEQ(FieldLastUsedAt, v))
 }
 // Quota applies equality check predicate on the "quota" field. It's identical to QuotaEQ.
 func Quota(v float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldEQ(FieldQuota, v))
 }
 // QuotaUsed applies equality check predicate on the "quota_used" field. It's identical to QuotaUsedEQ.
 func QuotaUsed(v float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldEQ(FieldQuotaUsed, v))
 }
 // ExpiresAt applies equality check predicate on the "expires_at" field. It's identical to ExpiresAtEQ.
 func ExpiresAt(v time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldEQ(FieldExpiresAt, v))
 }
 // CreatedAtEQ applies the EQ predicate on the "created_at" field.
 func CreatedAtEQ(v time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldEQ(FieldCreatedAt, v))
@@ -470,6 +490,56 @@ func StatusContainsFold(v string) predicate.APIKey {
 	return predicate.APIKey(sql.FieldContainsFold(FieldStatus, v))
 }
 // LastUsedAtEQ applies the EQ predicate on the "last_used_at" field.
 func LastUsedAtEQ(v time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldEQ(FieldLastUsedAt, v))
 }
 // LastUsedAtNEQ applies the NEQ predicate on the "last_used_at" field.
 func LastUsedAtNEQ(v time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldNEQ(FieldLastUsedAt, v))
 }
 // LastUsedAtIn applies the In predicate on the "last_used_at" field.
 func LastUsedAtIn(vs ...time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldIn(FieldLastUsedAt, vs...))
 }
 // LastUsedAtNotIn applies the NotIn predicate on the "last_used_at" field.
 func LastUsedAtNotIn(vs ...time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldNotIn(FieldLastUsedAt, vs...))
 }
 // LastUsedAtGT applies the GT predicate on the "last_used_at" field.
 func LastUsedAtGT(v time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldGT(FieldLastUsedAt, v))
 }
 // LastUsedAtGTE applies the GTE predicate on the "last_used_at" field.
 func LastUsedAtGTE(v time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldGTE(FieldLastUsedAt, v))
 }
 // LastUsedAtLT applies the LT predicate on the "last_used_at" field.
 func LastUsedAtLT(v time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldLT(FieldLastUsedAt, v))
 }
 // LastUsedAtLTE applies the LTE predicate on the "last_used_at" field.
 func LastUsedAtLTE(v time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldLTE(FieldLastUsedAt, v))
 }
 // LastUsedAtIsNil applies the IsNil predicate on the "last_used_at" field.
 func LastUsedAtIsNil() predicate.APIKey {
 	return predicate.APIKey(sql.FieldIsNull(FieldLastUsedAt))
 }
 // LastUsedAtNotNil applies the NotNil predicate on the "last_used_at" field.
 func LastUsedAtNotNil() predicate.APIKey {
 	return predicate.APIKey(sql.FieldNotNull(FieldLastUsedAt))
 }
 // IPWhitelistIsNil applies the IsNil predicate on the "ip_whitelist" field.
 func IPWhitelistIsNil() predicate.APIKey {
 	return predicate.APIKey(sql.FieldIsNull(FieldIPWhitelist))
@@ -490,6 +560,136 @@ func IPBlacklistNotNil() predicate.APIKey {
 	return predicate.APIKey(sql.FieldNotNull(FieldIPBlacklist))
 }
 // QuotaEQ applies the EQ predicate on the "quota" field.
 func QuotaEQ(v float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldEQ(FieldQuota, v))
 }
 // QuotaNEQ applies the NEQ predicate on the "quota" field.
 func QuotaNEQ(v float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldNEQ(FieldQuota, v))
 }
 // QuotaIn applies the In predicate on the "quota" field.
 func QuotaIn(vs ...float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldIn(FieldQuota, vs...))
 }
 // QuotaNotIn applies the NotIn predicate on the "quota" field.
 func QuotaNotIn(vs ...float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldNotIn(FieldQuota, vs...))
 }
 // QuotaGT applies the GT predicate on the "quota" field.
 func QuotaGT(v float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldGT(FieldQuota, v))
 }
 // QuotaGTE applies the GTE predicate on the "quota" field.
 func QuotaGTE(v float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldGTE(FieldQuota, v))
 }
 // QuotaLT applies the LT predicate on the "quota" field.
 func QuotaLT(v float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldLT(FieldQuota, v))
 }
 // QuotaLTE applies the LTE predicate on the "quota" field.
 func QuotaLTE(v float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldLTE(FieldQuota, v))
 }
 // QuotaUsedEQ applies the EQ predicate on the "quota_used" field.
 func QuotaUsedEQ(v float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldEQ(FieldQuotaUsed, v))
 }
 // QuotaUsedNEQ applies the NEQ predicate on the "quota_used" field.
 func QuotaUsedNEQ(v float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldNEQ(FieldQuotaUsed, v))
 }
 // QuotaUsedIn applies the In predicate on the "quota_used" field.
 func QuotaUsedIn(vs ...float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldIn(FieldQuotaUsed, vs...))
 }
 // QuotaUsedNotIn applies the NotIn predicate on the "quota_used" field.
 func QuotaUsedNotIn(vs ...float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldNotIn(FieldQuotaUsed, vs...))
 }
 // QuotaUsedGT applies the GT predicate on the "quota_used" field.
 func QuotaUsedGT(v float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldGT(FieldQuotaUsed, v))
 }
 // QuotaUsedGTE applies the GTE predicate on the "quota_used" field.
 func QuotaUsedGTE(v float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldGTE(FieldQuotaUsed, v))
 }
 // QuotaUsedLT applies the LT predicate on the "quota_used" field.
 func QuotaUsedLT(v float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldLT(FieldQuotaUsed, v))
 }
 // QuotaUsedLTE applies the LTE predicate on the "quota_used" field.
 func QuotaUsedLTE(v float64) predicate.APIKey {
 	return predicate.APIKey(sql.FieldLTE(FieldQuotaUsed, v))
 }
 // ExpiresAtEQ applies the EQ predicate on the "expires_at" field.
 func ExpiresAtEQ(v time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldEQ(FieldExpiresAt, v))
 }
 // ExpiresAtNEQ applies the NEQ predicate on the "expires_at" field.
 func ExpiresAtNEQ(v time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldNEQ(FieldExpiresAt, v))
 }
 // ExpiresAtIn applies the In predicate on the "expires_at" field.
 func ExpiresAtIn(vs ...time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldIn(FieldExpiresAt, vs...))
 }
 // ExpiresAtNotIn applies the NotIn predicate on the "expires_at" field.
 func ExpiresAtNotIn(vs ...time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldNotIn(FieldExpiresAt, vs...))
 }
 // ExpiresAtGT applies the GT predicate on the "expires_at" field.
 func ExpiresAtGT(v time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldGT(FieldExpiresAt, v))
 }
 // ExpiresAtGTE applies the GTE predicate on the "expires_at" field.
 func ExpiresAtGTE(v time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldGTE(FieldExpiresAt, v))
 }
 // ExpiresAtLT applies the LT predicate on the "expires_at" field.
 func ExpiresAtLT(v time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldLT(FieldExpiresAt, v))
 }
 // ExpiresAtLTE applies the LTE predicate on the "expires_at" field.
 func ExpiresAtLTE(v time.Time) predicate.APIKey {
 	return predicate.APIKey(sql.FieldLTE(FieldExpiresAt, v))
 }
 // ExpiresAtIsNil applies the IsNil predicate on the "expires_at" field.
 func ExpiresAtIsNil() predicate.APIKey {
 	return predicate.APIKey(sql.FieldIsNull(FieldExpiresAt))
 }
 // ExpiresAtNotNil applies the NotNil predicate on the "expires_at" field.
 func ExpiresAtNotNil() predicate.APIKey {
 	return predicate.APIKey(sql.FieldNotNull(FieldExpiresAt))
 }
 // HasUser applies the HasEdge predicate on the "user" edge.
 func HasUser() predicate.APIKey {
 	return predicate.APIKey(func(s *sql.Selector) {
--- a/backend/ent/apikey_create.go
+++ b/backend/ent/apikey_create.go
@@ -113,6 +113,20 @@ func (_c *APIKeyCreate) SetNillableStatus(v *string) *APIKeyCreate {
 	return _c
 }
 // SetLastUsedAt sets the "last_used_at" field.
 func (_c *APIKeyCreate) SetLastUsedAt(v time.Time) *APIKeyCreate {
 	_c.mutation.SetLastUsedAt(v)
 	return _c
 }
 // SetNillableLastUsedAt sets the "last_used_at" field if the given value is not nil.
 func (_c *APIKeyCreate) SetNillableLastUsedAt(v *time.Time) *APIKeyCreate {
 	if v != nil {
 		_c.SetLastUsedAt(*v)
 	}
 	return _c
 }
 // SetIPWhitelist sets the "ip_whitelist" field.
 func (_c *APIKeyCreate) SetIPWhitelist(v []string) *APIKeyCreate {
 	_c.mutation.SetIPWhitelist(v)
@@ -125,6 +139,48 @@ func (_c *APIKeyCreate) SetIPBlacklist(v []string) *APIKeyCreate {
 	return _c
 }
 // SetQuota sets the "quota" field.
 func (_c *APIKeyCreate) SetQuota(v float64) *APIKeyCreate {
 	_c.mutation.SetQuota(v)
 	return _c
 }
 // SetNillableQuota sets the "quota" field if the given value is not nil.
 func (_c *APIKeyCreate) SetNillableQuota(v *float64) *APIKeyCreate {
 	if v != nil {
 		_c.SetQuota(*v)
 	}
 	return _c
 }
 // SetQuotaUsed sets the "quota_used" field.
 func (_c *APIKeyCreate) SetQuotaUsed(v float64) *APIKeyCreate {
 	_c.mutation.SetQuotaUsed(v)
 	return _c
 }
 // SetNillableQuotaUsed sets the "quota_used" field if the given value is not nil.
 func (_c *APIKeyCreate) SetNillableQuotaUsed(v *float64) *APIKeyCreate {
 	if v != nil {
 		_c.SetQuotaUsed(*v)
 	}
 	return _c
 }
 // SetExpiresAt sets the "expires_at" field.
 func (_c *APIKeyCreate) SetExpiresAt(v time.Time) *APIKeyCreate {
 	_c.mutation.SetExpiresAt(v)
 	return _c
 }
 // SetNillableExpiresAt sets the "expires_at" field if the given value is not nil.
 func (_c *APIKeyCreate) SetNillableExpiresAt(v *time.Time) *APIKeyCreate {
 	if v != nil {
 		_c.SetExpiresAt(*v)
 	}
 	return _c
 }
 // SetUser sets the "user" edge to the User entity.
 func (_c *APIKeyCreate) SetUser(v *User) *APIKeyCreate {
 	return _c.SetUserID(v.ID)
@@ -205,6 +261,14 @@ func (_c *APIKeyCreate) defaults() error {
 		v := apikey.DefaultStatus
 		_c.mutation.SetStatus(v)
 	}
 	if _, ok := _c.mutation.Quota(); !ok {
 		v := apikey.DefaultQuota
 		_c.mutation.SetQuota(v)
 	}
 	if _, ok := _c.mutation.QuotaUsed(); !ok {
 		v := apikey.DefaultQuotaUsed
 		_c.mutation.SetQuotaUsed(v)
 	}
 	return nil
 }
@@ -243,6 +307,12 @@ func (_c *APIKeyCreate) check() error {
 			return &ValidationError{Name: "status", err: fmt.Errorf(`ent: validator failed for field "APIKey.status": %w`, err)}
 		}
 	}
 	if _, ok := _c.mutation.Quota(); !ok {
 		return &ValidationError{Name: "quota", err: errors.New(`ent: missing required field "APIKey.quota"`)}
 	}
 	if _, ok := _c.mutation.QuotaUsed(); !ok {
 		return &ValidationError{Name: "quota_used", err: errors.New(`ent: missing required field "APIKey.quota_used"`)}
 	}
 	if len(_c.mutation.UserIDs()) == 0 {
 		return &ValidationError{Name: "user", err: errors.New(`ent: missing required edge "APIKey.user"`)}
 	}
@@ -297,6 +367,10 @@ func (_c *APIKeyCreate) createSpec() (*APIKey, *sqlgraph.CreateSpec) {
 		_spec.SetField(apikey.FieldStatus, field.TypeString, value)
 		_node.Status = value
 	}
 	if value, ok := _c.mutation.LastUsedAt(); ok {
 		_spec.SetField(apikey.FieldLastUsedAt, field.TypeTime, value)
 		_node.LastUsedAt = &value
 	}
 	if value, ok := _c.mutation.IPWhitelist(); ok {
 		_spec.SetField(apikey.FieldIPWhitelist, field.TypeJSON, value)
 		_node.IPWhitelist = value
@@ -305,6 +379,18 @@ func (_c *APIKeyCreate) createSpec() (*APIKey, *sqlgraph.CreateSpec) {
 		_spec.SetField(apikey.FieldIPBlacklist, field.TypeJSON, value)
 		_node.IPBlacklist = value
 	}
 	if value, ok := _c.mutation.Quota(); ok {
 		_spec.SetField(apikey.FieldQuota, field.TypeFloat64, value)
 		_node.Quota = value
 	}
 	if value, ok := _c.mutation.QuotaUsed(); ok {
 		_spec.SetField(apikey.FieldQuotaUsed, field.TypeFloat64, value)
 		_node.QuotaUsed = value
 	}
 	if value, ok := _c.mutation.ExpiresAt(); ok {
 		_spec.SetField(apikey.FieldExpiresAt, field.TypeTime, value)
 		_node.ExpiresAt = &value
 	}
 	if nodes := _c.mutation.UserIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
@@ -503,6 +589,24 @@ func (u *APIKeyUpsert) UpdateStatus() *APIKeyUpsert {
 	return u
 }
 // SetLastUsedAt sets the "last_used_at" field.
 func (u *APIKeyUpsert) SetLastUsedAt(v time.Time) *APIKeyUpsert {
 	u.Set(apikey.FieldLastUsedAt, v)
 	return u
 }
 // UpdateLastUsedAt sets the "last_used_at" field to the value that was provided on create.
 func (u *APIKeyUpsert) UpdateLastUsedAt() *APIKeyUpsert {
 	u.SetExcluded(apikey.FieldLastUsedAt)
 	return u
 }
 // ClearLastUsedAt clears the value of the "last_used_at" field.
 func (u *APIKeyUpsert) ClearLastUsedAt() *APIKeyUpsert {
 	u.SetNull(apikey.FieldLastUsedAt)
 	return u
 }
 // SetIPWhitelist sets the "ip_whitelist" field.
 func (u *APIKeyUpsert) SetIPWhitelist(v []string) *APIKeyUpsert {
 	u.Set(apikey.FieldIPWhitelist, v)
@@ -539,6 +643,60 @@ func (u *APIKeyUpsert) ClearIPBlacklist() *APIKeyUpsert {
 	return u
 }
 // SetQuota sets the "quota" field.
 func (u *APIKeyUpsert) SetQuota(v float64) *APIKeyUpsert {
 	u.Set(apikey.FieldQuota, v)
 	return u
 }
 // UpdateQuota sets the "quota" field to the value that was provided on create.
 func (u *APIKeyUpsert) UpdateQuota() *APIKeyUpsert {
 	u.SetExcluded(apikey.FieldQuota)
 	return u
 }
 // AddQuota adds v to the "quota" field.
 func (u *APIKeyUpsert) AddQuota(v float64) *APIKeyUpsert {
 	u.Add(apikey.FieldQuota, v)
 	return u
 }
 // SetQuotaUsed sets the "quota_used" field.
 func (u *APIKeyUpsert) SetQuotaUsed(v float64) *APIKeyUpsert {
 	u.Set(apikey.FieldQuotaUsed, v)
 	return u
 }
 // UpdateQuotaUsed sets the "quota_used" field to the value that was provided on create.
 func (u *APIKeyUpsert) UpdateQuotaUsed() *APIKeyUpsert {
 	u.SetExcluded(apikey.FieldQuotaUsed)
 	return u
 }
 // AddQuotaUsed adds v to the "quota_used" field.
 func (u *APIKeyUpsert) AddQuotaUsed(v float64) *APIKeyUpsert {
 	u.Add(apikey.FieldQuotaUsed, v)
 	return u
 }
 // SetExpiresAt sets the "expires_at" field.
 func (u *APIKeyUpsert) SetExpiresAt(v time.Time) *APIKeyUpsert {
 	u.Set(apikey.FieldExpiresAt, v)
 	return u
 }
 // UpdateExpiresAt sets the "expires_at" field to the value that was provided on create.
 func (u *APIKeyUpsert) UpdateExpiresAt() *APIKeyUpsert {
 	u.SetExcluded(apikey.FieldExpiresAt)
 	return u
 }
 // ClearExpiresAt clears the value of the "expires_at" field.
 func (u *APIKeyUpsert) ClearExpiresAt() *APIKeyUpsert {
 	u.SetNull(apikey.FieldExpiresAt)
 	return u
 }
 // UpdateNewValues updates the mutable fields using the new values that were set on create.
 // Using this option is equivalent to using:
 //
@@ -696,6 +854,27 @@ func (u *APIKeyUpsertOne) UpdateStatus() *APIKeyUpsertOne {
 	})
 }
 // SetLastUsedAt sets the "last_used_at" field.
 func (u *APIKeyUpsertOne) SetLastUsedAt(v time.Time) *APIKeyUpsertOne {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.SetLastUsedAt(v)
 	})
 }
 // UpdateLastUsedAt sets the "last_used_at" field to the value that was provided on create.
 func (u *APIKeyUpsertOne) UpdateLastUsedAt() *APIKeyUpsertOne {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.UpdateLastUsedAt()
 	})
 }
 // ClearLastUsedAt clears the value of the "last_used_at" field.
 func (u *APIKeyUpsertOne) ClearLastUsedAt() *APIKeyUpsertOne {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.ClearLastUsedAt()
 	})
 }
 // SetIPWhitelist sets the "ip_whitelist" field.
 func (u *APIKeyUpsertOne) SetIPWhitelist(v []string) *APIKeyUpsertOne {
 	return u.Update(func(s *APIKeyUpsert) {
@@ -738,6 +917,69 @@ func (u *APIKeyUpsertOne) ClearIPBlacklist() *APIKeyUpsertOne {
 	})
 }
 // SetQuota sets the "quota" field.
 func (u *APIKeyUpsertOne) SetQuota(v float64) *APIKeyUpsertOne {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.SetQuota(v)
 	})
 }
 // AddQuota adds v to the "quota" field.
 func (u *APIKeyUpsertOne) AddQuota(v float64) *APIKeyUpsertOne {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.AddQuota(v)
 	})
 }
 // UpdateQuota sets the "quota" field to the value that was provided on create.
 func (u *APIKeyUpsertOne) UpdateQuota() *APIKeyUpsertOne {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.UpdateQuota()
 	})
 }
 // SetQuotaUsed sets the "quota_used" field.
 func (u *APIKeyUpsertOne) SetQuotaUsed(v float64) *APIKeyUpsertOne {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.SetQuotaUsed(v)
 	})
 }
 // AddQuotaUsed adds v to the "quota_used" field.
 func (u *APIKeyUpsertOne) AddQuotaUsed(v float64) *APIKeyUpsertOne {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.AddQuotaUsed(v)
 	})
 }
 // UpdateQuotaUsed sets the "quota_used" field to the value that was provided on create.
 func (u *APIKeyUpsertOne) UpdateQuotaUsed() *APIKeyUpsertOne {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.UpdateQuotaUsed()
 	})
 }
 // SetExpiresAt sets the "expires_at" field.
 func (u *APIKeyUpsertOne) SetExpiresAt(v time.Time) *APIKeyUpsertOne {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.SetExpiresAt(v)
 	})
 }
 // UpdateExpiresAt sets the "expires_at" field to the value that was provided on create.
 func (u *APIKeyUpsertOne) UpdateExpiresAt() *APIKeyUpsertOne {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.UpdateExpiresAt()
 	})
 }
 // ClearExpiresAt clears the value of the "expires_at" field.
 func (u *APIKeyUpsertOne) ClearExpiresAt() *APIKeyUpsertOne {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.ClearExpiresAt()
 	})
 }
 // Exec executes the query.
 func (u *APIKeyUpsertOne) Exec(ctx context.Context) error {
 	if len(u.create.conflict) == 0 {
@@ -1061,6 +1303,27 @@ func (u *APIKeyUpsertBulk) UpdateStatus() *APIKeyUpsertBulk {
 	})
 }
 // SetLastUsedAt sets the "last_used_at" field.
 func (u *APIKeyUpsertBulk) SetLastUsedAt(v time.Time) *APIKeyUpsertBulk {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.SetLastUsedAt(v)
 	})
 }
 // UpdateLastUsedAt sets the "last_used_at" field to the value that was provided on create.
 func (u *APIKeyUpsertBulk) UpdateLastUsedAt() *APIKeyUpsertBulk {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.UpdateLastUsedAt()
 	})
 }
 // ClearLastUsedAt clears the value of the "last_used_at" field.
 func (u *APIKeyUpsertBulk) ClearLastUsedAt() *APIKeyUpsertBulk {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.ClearLastUsedAt()
 	})
 }
 // SetIPWhitelist sets the "ip_whitelist" field.
 func (u *APIKeyUpsertBulk) SetIPWhitelist(v []string) *APIKeyUpsertBulk {
 	return u.Update(func(s *APIKeyUpsert) {
@@ -1103,6 +1366,69 @@ func (u *APIKeyUpsertBulk) ClearIPBlacklist() *APIKeyUpsertBulk {
 	})
 }
 // SetQuota sets the "quota" field.
 func (u *APIKeyUpsertBulk) SetQuota(v float64) *APIKeyUpsertBulk {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.SetQuota(v)
 	})
 }
 // AddQuota adds v to the "quota" field.
 func (u *APIKeyUpsertBulk) AddQuota(v float64) *APIKeyUpsertBulk {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.AddQuota(v)
 	})
 }
 // UpdateQuota sets the "quota" field to the value that was provided on create.
 func (u *APIKeyUpsertBulk) UpdateQuota() *APIKeyUpsertBulk {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.UpdateQuota()
 	})
 }
 // SetQuotaUsed sets the "quota_used" field.
 func (u *APIKeyUpsertBulk) SetQuotaUsed(v float64) *APIKeyUpsertBulk {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.SetQuotaUsed(v)
 	})
 }
 // AddQuotaUsed adds v to the "quota_used" field.
 func (u *APIKeyUpsertBulk) AddQuotaUsed(v float64) *APIKeyUpsertBulk {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.AddQuotaUsed(v)
 	})
 }
 // UpdateQuotaUsed sets the "quota_used" field to the value that was provided on create.
 func (u *APIKeyUpsertBulk) UpdateQuotaUsed() *APIKeyUpsertBulk {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.UpdateQuotaUsed()
 	})
 }
 // SetExpiresAt sets the "expires_at" field.
 func (u *APIKeyUpsertBulk) SetExpiresAt(v time.Time) *APIKeyUpsertBulk {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.SetExpiresAt(v)
 	})
 }
 // UpdateExpiresAt sets the "expires_at" field to the value that was provided on create.
 func (u *APIKeyUpsertBulk) UpdateExpiresAt() *APIKeyUpsertBulk {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.UpdateExpiresAt()
 	})
 }
 // ClearExpiresAt clears the value of the "expires_at" field.
 func (u *APIKeyUpsertBulk) ClearExpiresAt() *APIKeyUpsertBulk {
 	return u.Update(func(s *APIKeyUpsert) {
 		s.ClearExpiresAt()
 	})
 }
 // Exec executes the query.
 func (u *APIKeyUpsertBulk) Exec(ctx context.Context) error {
 	if u.create.err != nil {
--- a/backend/ent/apikey_update.go
+++ b/backend/ent/apikey_update.go
@@ -134,6 +134,26 @@ func (_u *APIKeyUpdate) SetNillableStatus(v *string) *APIKeyUpdate {
 	return _u
 }
 // SetLastUsedAt sets the "last_used_at" field.
 func (_u *APIKeyUpdate) SetLastUsedAt(v time.Time) *APIKeyUpdate {
 	_u.mutation.SetLastUsedAt(v)
 	return _u
 }
 // SetNillableLastUsedAt sets the "last_used_at" field if the given value is not nil.
 func (_u *APIKeyUpdate) SetNillableLastUsedAt(v *time.Time) *APIKeyUpdate {
 	if v != nil {
 		_u.SetLastUsedAt(*v)
 	}
 	return _u
 }
 // ClearLastUsedAt clears the value of the "last_used_at" field.
 func (_u *APIKeyUpdate) ClearLastUsedAt() *APIKeyUpdate {
 	_u.mutation.ClearLastUsedAt()
 	return _u
 }
 // SetIPWhitelist sets the "ip_whitelist" field.
 func (_u *APIKeyUpdate) SetIPWhitelist(v []string) *APIKeyUpdate {
 	_u.mutation.SetIPWhitelist(v)
@@ -170,6 +190,68 @@ func (_u *APIKeyUpdate) ClearIPBlacklist() *APIKeyUpdate {
 	return _u
 }
 // SetQuota sets the "quota" field.
 func (_u *APIKeyUpdate) SetQuota(v float64) *APIKeyUpdate {
 	_u.mutation.ResetQuota()
 	_u.mutation.SetQuota(v)
 	return _u
 }
 // SetNillableQuota sets the "quota" field if the given value is not nil.
 func (_u *APIKeyUpdate) SetNillableQuota(v *float64) *APIKeyUpdate {
 	if v != nil {
 		_u.SetQuota(*v)
 	}
 	return _u
 }
 // AddQuota adds value to the "quota" field.
 func (_u *APIKeyUpdate) AddQuota(v float64) *APIKeyUpdate {
 	_u.mutation.AddQuota(v)
 	return _u
 }
 // SetQuotaUsed sets the "quota_used" field.
 func (_u *APIKeyUpdate) SetQuotaUsed(v float64) *APIKeyUpdate {
 	_u.mutation.ResetQuotaUsed()
 	_u.mutation.SetQuotaUsed(v)
 	return _u
 }
 // SetNillableQuotaUsed sets the "quota_used" field if the given value is not nil.
 func (_u *APIKeyUpdate) SetNillableQuotaUsed(v *float64) *APIKeyUpdate {
 	if v != nil {
 		_u.SetQuotaUsed(*v)
 	}
 	return _u
 }
 // AddQuotaUsed adds value to the "quota_used" field.
 func (_u *APIKeyUpdate) AddQuotaUsed(v float64) *APIKeyUpdate {
 	_u.mutation.AddQuotaUsed(v)
 	return _u
 }
 // SetExpiresAt sets the "expires_at" field.
 func (_u *APIKeyUpdate) SetExpiresAt(v time.Time) *APIKeyUpdate {
 	_u.mutation.SetExpiresAt(v)
 	return _u
 }
 // SetNillableExpiresAt sets the "expires_at" field if the given value is not nil.
 func (_u *APIKeyUpdate) SetNillableExpiresAt(v *time.Time) *APIKeyUpdate {
 	if v != nil {
 		_u.SetExpiresAt(*v)
 	}
 	return _u
 }
 // ClearExpiresAt clears the value of the "expires_at" field.
 func (_u *APIKeyUpdate) ClearExpiresAt() *APIKeyUpdate {
 	_u.mutation.ClearExpiresAt()
 	return _u
 }
 // SetUser sets the "user" edge to the User entity.
 func (_u *APIKeyUpdate) SetUser(v *User) *APIKeyUpdate {
 	return _u.SetUserID(v.ID)
@@ -328,6 +410,12 @@ func (_u *APIKeyUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	if value, ok := _u.mutation.Status(); ok {
 		_spec.SetField(apikey.FieldStatus, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.LastUsedAt(); ok {
 		_spec.SetField(apikey.FieldLastUsedAt, field.TypeTime, value)
 	}
 	if _u.mutation.LastUsedAtCleared() {
 		_spec.ClearField(apikey.FieldLastUsedAt, field.TypeTime)
 	}
 	if value, ok := _u.mutation.IPWhitelist(); ok {
 		_spec.SetField(apikey.FieldIPWhitelist, field.TypeJSON, value)
 	}
@@ -350,6 +438,24 @@ func (_u *APIKeyUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	if _u.mutation.IPBlacklistCleared() {
 		_spec.ClearField(apikey.FieldIPBlacklist, field.TypeJSON)
 	}
 	if value, ok := _u.mutation.Quota(); ok {
 		_spec.SetField(apikey.FieldQuota, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedQuota(); ok {
 		_spec.AddField(apikey.FieldQuota, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.QuotaUsed(); ok {
 		_spec.SetField(apikey.FieldQuotaUsed, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedQuotaUsed(); ok {
 		_spec.AddField(apikey.FieldQuotaUsed, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.ExpiresAt(); ok {
 		_spec.SetField(apikey.FieldExpiresAt, field.TypeTime, value)
 	}
 	if _u.mutation.ExpiresAtCleared() {
 		_spec.ClearField(apikey.FieldExpiresAt, field.TypeTime)
 	}
 	if _u.mutation.UserCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
@@ -575,6 +681,26 @@ func (_u *APIKeyUpdateOne) SetNillableStatus(v *string) *APIKeyUpdateOne {
 	return _u
 }
 // SetLastUsedAt sets the "last_used_at" field.
 func (_u *APIKeyUpdateOne) SetLastUsedAt(v time.Time) *APIKeyUpdateOne {
 	_u.mutation.SetLastUsedAt(v)
 	return _u
 }
 // SetNillableLastUsedAt sets the "last_used_at" field if the given value is not nil.
 func (_u *APIKeyUpdateOne) SetNillableLastUsedAt(v *time.Time) *APIKeyUpdateOne {
 	if v != nil {
 		_u.SetLastUsedAt(*v)
 	}
 	return _u
 }
 // ClearLastUsedAt clears the value of the "last_used_at" field.
 func (_u *APIKeyUpdateOne) ClearLastUsedAt() *APIKeyUpdateOne {
 	_u.mutation.ClearLastUsedAt()
 	return _u
 }
 // SetIPWhitelist sets the "ip_whitelist" field.
 func (_u *APIKeyUpdateOne) SetIPWhitelist(v []string) *APIKeyUpdateOne {
 	_u.mutation.SetIPWhitelist(v)
@@ -611,6 +737,68 @@ func (_u *APIKeyUpdateOne) ClearIPBlacklist() *APIKeyUpdateOne {
 	return _u
 }
 // SetQuota sets the "quota" field.
 func (_u *APIKeyUpdateOne) SetQuota(v float64) *APIKeyUpdateOne {
 	_u.mutation.ResetQuota()
 	_u.mutation.SetQuota(v)
 	return _u
 }
 // SetNillableQuota sets the "quota" field if the given value is not nil.
 func (_u *APIKeyUpdateOne) SetNillableQuota(v *float64) *APIKeyUpdateOne {
 	if v != nil {
 		_u.SetQuota(*v)
 	}
 	return _u
 }
 // AddQuota adds value to the "quota" field.
 func (_u *APIKeyUpdateOne) AddQuota(v float64) *APIKeyUpdateOne {
 	_u.mutation.AddQuota(v)
 	return _u
 }
 // SetQuotaUsed sets the "quota_used" field.
 func (_u *APIKeyUpdateOne) SetQuotaUsed(v float64) *APIKeyUpdateOne {
 	_u.mutation.ResetQuotaUsed()
 	_u.mutation.SetQuotaUsed(v)
 	return _u
 }
 // SetNillableQuotaUsed sets the "quota_used" field if the given value is not nil.
 func (_u *APIKeyUpdateOne) SetNillableQuotaUsed(v *float64) *APIKeyUpdateOne {
 	if v != nil {
 		_u.SetQuotaUsed(*v)
 	}
 	return _u
 }
 // AddQuotaUsed adds value to the "quota_used" field.
 func (_u *APIKeyUpdateOne) AddQuotaUsed(v float64) *APIKeyUpdateOne {
 	_u.mutation.AddQuotaUsed(v)
 	return _u
 }
 // SetExpiresAt sets the "expires_at" field.
 func (_u *APIKeyUpdateOne) SetExpiresAt(v time.Time) *APIKeyUpdateOne {
 	_u.mutation.SetExpiresAt(v)
 	return _u
 }
 // SetNillableExpiresAt sets the "expires_at" field if the given value is not nil.
 func (_u *APIKeyUpdateOne) SetNillableExpiresAt(v *time.Time) *APIKeyUpdateOne {
 	if v != nil {
 		_u.SetExpiresAt(*v)
 	}
 	return _u
 }
 // ClearExpiresAt clears the value of the "expires_at" field.
 func (_u *APIKeyUpdateOne) ClearExpiresAt() *APIKeyUpdateOne {
 	_u.mutation.ClearExpiresAt()
 	return _u
 }
 // SetUser sets the "user" edge to the User entity.
 func (_u *APIKeyUpdateOne) SetUser(v *User) *APIKeyUpdateOne {
 	return _u.SetUserID(v.ID)
@@ -799,6 +987,12 @@ func (_u *APIKeyUpdateOne) sqlSave(ctx context.Context) (_node *APIKey, err erro
 	if value, ok := _u.mutation.Status(); ok {
 		_spec.SetField(apikey.FieldStatus, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.LastUsedAt(); ok {
 		_spec.SetField(apikey.FieldLastUsedAt, field.TypeTime, value)
 	}
 	if _u.mutation.LastUsedAtCleared() {
 		_spec.ClearField(apikey.FieldLastUsedAt, field.TypeTime)
 	}
 	if value, ok := _u.mutation.IPWhitelist(); ok {
 		_spec.SetField(apikey.FieldIPWhitelist, field.TypeJSON, value)
 	}
@@ -821,6 +1015,24 @@ func (_u *APIKeyUpdateOne) sqlSave(ctx context.Context) (_node *APIKey, err erro
 	if _u.mutation.IPBlacklistCleared() {
 		_spec.ClearField(apikey.FieldIPBlacklist, field.TypeJSON)
 	}
 	if value, ok := _u.mutation.Quota(); ok {
 		_spec.SetField(apikey.FieldQuota, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedQuota(); ok {
 		_spec.AddField(apikey.FieldQuota, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.QuotaUsed(); ok {
 		_spec.SetField(apikey.FieldQuotaUsed, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedQuotaUsed(); ok {
 		_spec.AddField(apikey.FieldQuotaUsed, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.ExpiresAt(); ok {
 		_spec.SetField(apikey.FieldExpiresAt, field.TypeTime, value)
 	}
 	if _u.mutation.ExpiresAtCleared() {
 		_spec.ClearField(apikey.FieldExpiresAt, field.TypeTime)
 	}
 	if _u.mutation.UserCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
--- a/backend/ent/client.go
+++ b/backend/ent/client.go
@@ -17,12 +17,16 @@ import (
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"github.com/Wei-Shaw/sub2api/ent/account"
 	"github.com/Wei-Shaw/sub2api/ent/accountgroup"
 	"github.com/Wei-Shaw/sub2api/ent/announcement"
 	"github.com/Wei-Shaw/sub2api/ent/announcementread"
 	"github.com/Wei-Shaw/sub2api/ent/apikey"
 	"github.com/Wei-Shaw/sub2api/ent/errorpassthroughrule"
 	"github.com/Wei-Shaw/sub2api/ent/group"
 	"github.com/Wei-Shaw/sub2api/ent/promocode"
 	"github.com/Wei-Shaw/sub2api/ent/promocodeusage"
 	"github.com/Wei-Shaw/sub2api/ent/proxy"
 	"github.com/Wei-Shaw/sub2api/ent/redeemcode"
 	"github.com/Wei-Shaw/sub2api/ent/securitysecret"
 	"github.com/Wei-Shaw/sub2api/ent/setting"
 	"github.com/Wei-Shaw/sub2api/ent/usagecleanuptask"
 	"github.com/Wei-Shaw/sub2api/ent/usagelog"
@@ -46,6 +50,12 @@ type Client struct {
 	Account *AccountClient
 	// AccountGroup is the client for interacting with the AccountGroup builders.
 	AccountGroup *AccountGroupClient
 	// Announcement is the client for interacting with the Announcement builders.
 	Announcement *AnnouncementClient
 	// AnnouncementRead is the client for interacting with the AnnouncementRead builders.
 	AnnouncementRead *AnnouncementReadClient
 	// ErrorPassthroughRule is the client for interacting with the ErrorPassthroughRule builders.
 	ErrorPassthroughRule *ErrorPassthroughRuleClient
 	// Group is the client for interacting with the Group builders.
 	Group *GroupClient
 	// PromoCode is the client for interacting with the PromoCode builders.
@@ -56,6 +66,8 @@ type Client struct {
 	Proxy *ProxyClient
 	// RedeemCode is the client for interacting with the RedeemCode builders.
 	RedeemCode *RedeemCodeClient
 	// SecuritySecret is the client for interacting with the SecuritySecret builders.
 	SecuritySecret *SecuritySecretClient
 	// Setting is the client for interacting with the Setting builders.
 	Setting *SettingClient
 	// UsageCleanupTask is the client for interacting with the UsageCleanupTask builders.
@@ -86,11 +98,15 @@ func (c *Client) init() {
 	c.APIKey = NewAPIKeyClient(c.config)
 	c.Account = NewAccountClient(c.config)
 	c.AccountGroup = NewAccountGroupClient(c.config)
 	c.Announcement = NewAnnouncementClient(c.config)
 	c.AnnouncementRead = NewAnnouncementReadClient(c.config)
 	c.ErrorPassthroughRule = NewErrorPassthroughRuleClient(c.config)
 	c.Group = NewGroupClient(c.config)
 	c.PromoCode = NewPromoCodeClient(c.config)
 	c.PromoCodeUsage = NewPromoCodeUsageClient(c.config)
 	c.Proxy = NewProxyClient(c.config)
 	c.RedeemCode = NewRedeemCodeClient(c.config)
 	c.SecuritySecret = NewSecuritySecretClient(c.config)
 	c.Setting = NewSettingClient(c.config)
 	c.UsageCleanupTask = NewUsageCleanupTaskClient(c.config)
 	c.UsageLog = NewUsageLogClient(c.config)
@@ -194,11 +210,15 @@ func (c *Client) Tx(ctx context.Context) (*Tx, error) {
 		APIKey:                  NewAPIKeyClient(cfg),
 		Account:                 NewAccountClient(cfg),
 		AccountGroup:            NewAccountGroupClient(cfg),
 		Announcement:            NewAnnouncementClient(cfg),
 		AnnouncementRead:        NewAnnouncementReadClient(cfg),
 		ErrorPassthroughRule:    NewErrorPassthroughRuleClient(cfg),
 		Group:                   NewGroupClient(cfg),
 		PromoCode:               NewPromoCodeClient(cfg),
 		PromoCodeUsage:          NewPromoCodeUsageClient(cfg),
 		Proxy:                   NewProxyClient(cfg),
 		RedeemCode:              NewRedeemCodeClient(cfg),
 		SecuritySecret:          NewSecuritySecretClient(cfg),
 		Setting:                 NewSettingClient(cfg),
 		UsageCleanupTask:        NewUsageCleanupTaskClient(cfg),
 		UsageLog:                NewUsageLogClient(cfg),
@@ -229,11 +249,15 @@ func (c *Client) BeginTx(ctx context.Context, opts *sql.TxOptions) (*Tx, error)
 		APIKey:                  NewAPIKeyClient(cfg),
 		Account:                 NewAccountClient(cfg),
 		AccountGroup:            NewAccountGroupClient(cfg),
 		Announcement:            NewAnnouncementClient(cfg),
 		AnnouncementRead:        NewAnnouncementReadClient(cfg),
 		ErrorPassthroughRule:    NewErrorPassthroughRuleClient(cfg),
 		Group:                   NewGroupClient(cfg),
 		PromoCode:               NewPromoCodeClient(cfg),
 		PromoCodeUsage:          NewPromoCodeUsageClient(cfg),
 		Proxy:                   NewProxyClient(cfg),
 		RedeemCode:              NewRedeemCodeClient(cfg),
 		SecuritySecret:          NewSecuritySecretClient(cfg),
 		Setting:                 NewSettingClient(cfg),
 		UsageCleanupTask:        NewUsageCleanupTaskClient(cfg),
 		UsageLog:                NewUsageLogClient(cfg),
@@ -271,9 +295,10 @@ func (c *Client) Close() error {
 // In order to add hooks to a specific client, call: `client.Node.Use(...)`.
 func (c *Client) Use(hooks ...Hook) {
 	for _, n := range []interface{ Use(...Hook) }{
-		c.APIKey, c.Account, c.AccountGroup, c.Group, c.PromoCode, c.PromoCodeUsage,
+		c.APIKey, c.Account, c.AccountGroup, c.Announcement, c.AnnouncementRead,
-		c.Proxy, c.RedeemCode, c.Setting, c.UsageCleanupTask, c.UsageLog, c.User,
+		c.ErrorPassthroughRule, c.Group, c.PromoCode, c.PromoCodeUsage, c.Proxy,
-		c.UserAllowedGroup, c.UserAttributeDefinition, c.UserAttributeValue,
+		c.RedeemCode, c.SecuritySecret, c.Setting, c.UsageCleanupTask, c.UsageLog,
 		c.User, c.UserAllowedGroup, c.UserAttributeDefinition, c.UserAttributeValue,
 		c.UserSubscription,
 	} {
 		n.Use(hooks...)
@@ -284,9 +309,10 @@ func (c *Client) Use(hooks ...Hook) {
 // In order to add interceptors to a specific client, call: `client.Node.Intercept(...)`.
 func (c *Client) Intercept(interceptors ...Interceptor) {
 	for _, n := range []interface{ Intercept(...Interceptor) }{
-		c.APIKey, c.Account, c.AccountGroup, c.Group, c.PromoCode, c.PromoCodeUsage,
+		c.APIKey, c.Account, c.AccountGroup, c.Announcement, c.AnnouncementRead,
-		c.Proxy, c.RedeemCode, c.Setting, c.UsageCleanupTask, c.UsageLog, c.User,
+		c.ErrorPassthroughRule, c.Group, c.PromoCode, c.PromoCodeUsage, c.Proxy,
-		c.UserAllowedGroup, c.UserAttributeDefinition, c.UserAttributeValue,
+		c.RedeemCode, c.SecuritySecret, c.Setting, c.UsageCleanupTask, c.UsageLog,
 		c.User, c.UserAllowedGroup, c.UserAttributeDefinition, c.UserAttributeValue,
 		c.UserSubscription,
 	} {
 		n.Intercept(interceptors...)
@@ -302,6 +328,12 @@ func (c *Client) Mutate(ctx context.Context, m Mutation) (Value, error) {
 		return c.Account.mutate(ctx, m)
 	case *AccountGroupMutation:
 		return c.AccountGroup.mutate(ctx, m)
 	case *AnnouncementMutation:
 		return c.Announcement.mutate(ctx, m)
 	case *AnnouncementReadMutation:
 		return c.AnnouncementRead.mutate(ctx, m)
 	case *ErrorPassthroughRuleMutation:
 		return c.ErrorPassthroughRule.mutate(ctx, m)
 	case *GroupMutation:
 		return c.Group.mutate(ctx, m)
 	case *PromoCodeMutation:
@@ -312,6 +344,8 @@ func (c *Client) Mutate(ctx context.Context, m Mutation) (Value, error) {
 		return c.Proxy.mutate(ctx, m)
 	case *RedeemCodeMutation:
 		return c.RedeemCode.mutate(ctx, m)
 	case *SecuritySecretMutation:
 		return c.SecuritySecret.mutate(ctx, m)
 	case *SettingMutation:
 		return c.Setting.mutate(ctx, m)
 	case *UsageCleanupTaskMutation:
@@ -831,6 +865,453 @@ func (c *AccountGroupClient) mutate(ctx context.Context, m *AccountGroupMutation
 	}
 }
 // AnnouncementClient is a client for the Announcement schema.
 type AnnouncementClient struct {
 	config
 }
 // NewAnnouncementClient returns a client for the Announcement from the given config.
 func NewAnnouncementClient(c config) *AnnouncementClient {
 	return &AnnouncementClient{config: c}
 }
 // Use adds a list of mutation hooks to the hooks stack.
 // A call to `Use(f, g, h)` equals to `announcement.Hooks(f(g(h())))`.
 func (c *AnnouncementClient) Use(hooks ...Hook) {
 	c.hooks.Announcement = append(c.hooks.Announcement, hooks...)
 }
 // Intercept adds a list of query interceptors to the interceptors stack.
 // A call to `Intercept(f, g, h)` equals to `announcement.Intercept(f(g(h())))`.
 func (c *AnnouncementClient) Intercept(interceptors ...Interceptor) {
 	c.inters.Announcement = append(c.inters.Announcement, interceptors...)
 }
 // Create returns a builder for creating a Announcement entity.
 func (c *AnnouncementClient) Create() *AnnouncementCreate {
 	mutation := newAnnouncementMutation(c.config, OpCreate)
 	return &AnnouncementCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // CreateBulk returns a builder for creating a bulk of Announcement entities.
 func (c *AnnouncementClient) CreateBulk(builders ...*AnnouncementCreate) *AnnouncementCreateBulk {
 	return &AnnouncementCreateBulk{config: c.config, builders: builders}
 }
 // MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
 // a builder and applies setFunc on it.
 func (c *AnnouncementClient) MapCreateBulk(slice any, setFunc func(*AnnouncementCreate, int)) *AnnouncementCreateBulk {
 	rv := reflect.ValueOf(slice)
 	if rv.Kind() != reflect.Slice {
 		return &AnnouncementCreateBulk{err: fmt.Errorf("calling to AnnouncementClient.MapCreateBulk with wrong type %T, need slice", slice)}
 	}
 	builders := make([]*AnnouncementCreate, rv.Len())
 	for i := 0; i < rv.Len(); i++ {
 		builders[i] = c.Create()
 		setFunc(builders[i], i)
 	}
 	return &AnnouncementCreateBulk{config: c.config, builders: builders}
 }
 // Update returns an update builder for Announcement.
 func (c *AnnouncementClient) Update() *AnnouncementUpdate {
 	mutation := newAnnouncementMutation(c.config, OpUpdate)
 	return &AnnouncementUpdate{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // UpdateOne returns an update builder for the given entity.
 func (c *AnnouncementClient) UpdateOne(_m *Announcement) *AnnouncementUpdateOne {
 	mutation := newAnnouncementMutation(c.config, OpUpdateOne, withAnnouncement(_m))
 	return &AnnouncementUpdateOne{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // UpdateOneID returns an update builder for the given id.
 func (c *AnnouncementClient) UpdateOneID(id int64) *AnnouncementUpdateOne {
 	mutation := newAnnouncementMutation(c.config, OpUpdateOne, withAnnouncementID(id))
 	return &AnnouncementUpdateOne{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // Delete returns a delete builder for Announcement.
 func (c *AnnouncementClient) Delete() *AnnouncementDelete {
 	mutation := newAnnouncementMutation(c.config, OpDelete)
 	return &AnnouncementDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // DeleteOne returns a builder for deleting the given entity.
 func (c *AnnouncementClient) DeleteOne(_m *Announcement) *AnnouncementDeleteOne {
 	return c.DeleteOneID(_m.ID)
 }
 // DeleteOneID returns a builder for deleting the given entity by its id.
 func (c *AnnouncementClient) DeleteOneID(id int64) *AnnouncementDeleteOne {
 	builder := c.Delete().Where(announcement.ID(id))
 	builder.mutation.id = &id
 	builder.mutation.op = OpDeleteOne
 	return &AnnouncementDeleteOne{builder}
 }
 // Query returns a query builder for Announcement.
 func (c *AnnouncementClient) Query() *AnnouncementQuery {
 	return &AnnouncementQuery{
 		config: c.config,
 		ctx:    &QueryContext{Type: TypeAnnouncement},
 		inters: c.Interceptors(),
 	}
 }
 // Get returns a Announcement entity by its id.
 func (c *AnnouncementClient) Get(ctx context.Context, id int64) (*Announcement, error) {
 	return c.Query().Where(announcement.ID(id)).Only(ctx)
 }
 // GetX is like Get, but panics if an error occurs.
 func (c *AnnouncementClient) GetX(ctx context.Context, id int64) *Announcement {
 	obj, err := c.Get(ctx, id)
 	if err != nil {
 		panic(err)
 	}
 	return obj
 }
 // QueryReads queries the reads edge of a Announcement.
 func (c *AnnouncementClient) QueryReads(_m *Announcement) *AnnouncementReadQuery {
 	query := (&AnnouncementReadClient{config: c.config}).Query()
 	query.path = func(context.Context) (fromV *sql.Selector, _ error) {
 		id := _m.ID
 		step := sqlgraph.NewStep(
 			sqlgraph.From(announcement.Table, announcement.FieldID, id),
 			sqlgraph.To(announcementread.Table, announcementread.FieldID),
 			sqlgraph.Edge(sqlgraph.O2M, false, announcement.ReadsTable, announcement.ReadsColumn),
 		)
 		fromV = sqlgraph.Neighbors(_m.driver.Dialect(), step)
 		return fromV, nil
 	}
 	return query
 }
 // Hooks returns the client hooks.
 func (c *AnnouncementClient) Hooks() []Hook {
 	return c.hooks.Announcement
 }
 // Interceptors returns the client interceptors.
 func (c *AnnouncementClient) Interceptors() []Interceptor {
 	return c.inters.Announcement
 }
 func (c *AnnouncementClient) mutate(ctx context.Context, m *AnnouncementMutation) (Value, error) {
 	switch m.Op() {
 	case OpCreate:
 		return (&AnnouncementCreate{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
 	case OpUpdate:
 		return (&AnnouncementUpdate{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
 	case OpUpdateOne:
 		return (&AnnouncementUpdateOne{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
 	case OpDelete, OpDeleteOne:
 		return (&AnnouncementDelete{config: c.config, hooks: c.Hooks(), mutation: m}).Exec(ctx)
 	default:
 		return nil, fmt.Errorf("ent: unknown Announcement mutation op: %q", m.Op())
 	}
 }
 // AnnouncementReadClient is a client for the AnnouncementRead schema.
 type AnnouncementReadClient struct {
 	config
 }
 // NewAnnouncementReadClient returns a client for the AnnouncementRead from the given config.
 func NewAnnouncementReadClient(c config) *AnnouncementReadClient {
 	return &AnnouncementReadClient{config: c}
 }
 // Use adds a list of mutation hooks to the hooks stack.
 // A call to `Use(f, g, h)` equals to `announcementread.Hooks(f(g(h())))`.
 func (c *AnnouncementReadClient) Use(hooks ...Hook) {
 	c.hooks.AnnouncementRead = append(c.hooks.AnnouncementRead, hooks...)
 }
 // Intercept adds a list of query interceptors to the interceptors stack.
 // A call to `Intercept(f, g, h)` equals to `announcementread.Intercept(f(g(h())))`.
 func (c *AnnouncementReadClient) Intercept(interceptors ...Interceptor) {
 	c.inters.AnnouncementRead = append(c.inters.AnnouncementRead, interceptors...)
 }
 // Create returns a builder for creating a AnnouncementRead entity.
 func (c *AnnouncementReadClient) Create() *AnnouncementReadCreate {
 	mutation := newAnnouncementReadMutation(c.config, OpCreate)
 	return &AnnouncementReadCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // CreateBulk returns a builder for creating a bulk of AnnouncementRead entities.
 func (c *AnnouncementReadClient) CreateBulk(builders ...*AnnouncementReadCreate) *AnnouncementReadCreateBulk {
 	return &AnnouncementReadCreateBulk{config: c.config, builders: builders}
 }
 // MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
 // a builder and applies setFunc on it.
 func (c *AnnouncementReadClient) MapCreateBulk(slice any, setFunc func(*AnnouncementReadCreate, int)) *AnnouncementReadCreateBulk {
 	rv := reflect.ValueOf(slice)
 	if rv.Kind() != reflect.Slice {
 		return &AnnouncementReadCreateBulk{err: fmt.Errorf("calling to AnnouncementReadClient.MapCreateBulk with wrong type %T, need slice", slice)}
 	}
 	builders := make([]*AnnouncementReadCreate, rv.Len())
 	for i := 0; i < rv.Len(); i++ {
 		builders[i] = c.Create()
 		setFunc(builders[i], i)
 	}
 	return &AnnouncementReadCreateBulk{config: c.config, builders: builders}
 }
 // Update returns an update builder for AnnouncementRead.
 func (c *AnnouncementReadClient) Update() *AnnouncementReadUpdate {
 	mutation := newAnnouncementReadMutation(c.config, OpUpdate)
 	return &AnnouncementReadUpdate{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // UpdateOne returns an update builder for the given entity.
 func (c *AnnouncementReadClient) UpdateOne(_m *AnnouncementRead) *AnnouncementReadUpdateOne {
 	mutation := newAnnouncementReadMutation(c.config, OpUpdateOne, withAnnouncementRead(_m))
 	return &AnnouncementReadUpdateOne{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // UpdateOneID returns an update builder for the given id.
 func (c *AnnouncementReadClient) UpdateOneID(id int64) *AnnouncementReadUpdateOne {
 	mutation := newAnnouncementReadMutation(c.config, OpUpdateOne, withAnnouncementReadID(id))
 	return &AnnouncementReadUpdateOne{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // Delete returns a delete builder for AnnouncementRead.
 func (c *AnnouncementReadClient) Delete() *AnnouncementReadDelete {
 	mutation := newAnnouncementReadMutation(c.config, OpDelete)
 	return &AnnouncementReadDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // DeleteOne returns a builder for deleting the given entity.
 func (c *AnnouncementReadClient) DeleteOne(_m *AnnouncementRead) *AnnouncementReadDeleteOne {
 	return c.DeleteOneID(_m.ID)
 }
 // DeleteOneID returns a builder for deleting the given entity by its id.
 func (c *AnnouncementReadClient) DeleteOneID(id int64) *AnnouncementReadDeleteOne {
 	builder := c.Delete().Where(announcementread.ID(id))
 	builder.mutation.id = &id
 	builder.mutation.op = OpDeleteOne
 	return &AnnouncementReadDeleteOne{builder}
 }
 // Query returns a query builder for AnnouncementRead.
 func (c *AnnouncementReadClient) Query() *AnnouncementReadQuery {
 	return &AnnouncementReadQuery{
 		config: c.config,
 		ctx:    &QueryContext{Type: TypeAnnouncementRead},
 		inters: c.Interceptors(),
 	}
 }
 // Get returns a AnnouncementRead entity by its id.
 func (c *AnnouncementReadClient) Get(ctx context.Context, id int64) (*AnnouncementRead, error) {
 	return c.Query().Where(announcementread.ID(id)).Only(ctx)
 }
 // GetX is like Get, but panics if an error occurs.
 func (c *AnnouncementReadClient) GetX(ctx context.Context, id int64) *AnnouncementRead {
 	obj, err := c.Get(ctx, id)
 	if err != nil {
 		panic(err)
 	}
 	return obj
 }
 // QueryAnnouncement queries the announcement edge of a AnnouncementRead.
 func (c *AnnouncementReadClient) QueryAnnouncement(_m *AnnouncementRead) *AnnouncementQuery {
 	query := (&AnnouncementClient{config: c.config}).Query()
 	query.path = func(context.Context) (fromV *sql.Selector, _ error) {
 		id := _m.ID
 		step := sqlgraph.NewStep(
 			sqlgraph.From(announcementread.Table, announcementread.FieldID, id),
 			sqlgraph.To(announcement.Table, announcement.FieldID),
 			sqlgraph.Edge(sqlgraph.M2O, true, announcementread.AnnouncementTable, announcementread.AnnouncementColumn),
 		)
 		fromV = sqlgraph.Neighbors(_m.driver.Dialect(), step)
 		return fromV, nil
 	}
 	return query
 }
 // QueryUser queries the user edge of a AnnouncementRead.
 func (c *AnnouncementReadClient) QueryUser(_m *AnnouncementRead) *UserQuery {
 	query := (&UserClient{config: c.config}).Query()
 	query.path = func(context.Context) (fromV *sql.Selector, _ error) {
 		id := _m.ID
 		step := sqlgraph.NewStep(
 			sqlgraph.From(announcementread.Table, announcementread.FieldID, id),
 			sqlgraph.To(user.Table, user.FieldID),
 			sqlgraph.Edge(sqlgraph.M2O, true, announcementread.UserTable, announcementread.UserColumn),
 		)
 		fromV = sqlgraph.Neighbors(_m.driver.Dialect(), step)
 		return fromV, nil
 	}
 	return query
 }
 // Hooks returns the client hooks.
 func (c *AnnouncementReadClient) Hooks() []Hook {
 	return c.hooks.AnnouncementRead
 }
 // Interceptors returns the client interceptors.
 func (c *AnnouncementReadClient) Interceptors() []Interceptor {
 	return c.inters.AnnouncementRead
 }
 func (c *AnnouncementReadClient) mutate(ctx context.Context, m *AnnouncementReadMutation) (Value, error) {
 	switch m.Op() {
 	case OpCreate:
 		return (&AnnouncementReadCreate{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
 	case OpUpdate:
 		return (&AnnouncementReadUpdate{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
 	case OpUpdateOne:
 		return (&AnnouncementReadUpdateOne{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
 	case OpDelete, OpDeleteOne:
 		return (&AnnouncementReadDelete{config: c.config, hooks: c.Hooks(), mutation: m}).Exec(ctx)
 	default:
 		return nil, fmt.Errorf("ent: unknown AnnouncementRead mutation op: %q", m.Op())
 	}
 }
 // ErrorPassthroughRuleClient is a client for the ErrorPassthroughRule schema.
 type ErrorPassthroughRuleClient struct {
 	config
 }
 // NewErrorPassthroughRuleClient returns a client for the ErrorPassthroughRule from the given config.
 func NewErrorPassthroughRuleClient(c config) *ErrorPassthroughRuleClient {
 	return &ErrorPassthroughRuleClient{config: c}
 }
 // Use adds a list of mutation hooks to the hooks stack.
 // A call to `Use(f, g, h)` equals to `errorpassthroughrule.Hooks(f(g(h())))`.
 func (c *ErrorPassthroughRuleClient) Use(hooks ...Hook) {
 	c.hooks.ErrorPassthroughRule = append(c.hooks.ErrorPassthroughRule, hooks...)
 }
 // Intercept adds a list of query interceptors to the interceptors stack.
 // A call to `Intercept(f, g, h)` equals to `errorpassthroughrule.Intercept(f(g(h())))`.
 func (c *ErrorPassthroughRuleClient) Intercept(interceptors ...Interceptor) {
 	c.inters.ErrorPassthroughRule = append(c.inters.ErrorPassthroughRule, interceptors...)
 }
 // Create returns a builder for creating a ErrorPassthroughRule entity.
 func (c *ErrorPassthroughRuleClient) Create() *ErrorPassthroughRuleCreate {
 	mutation := newErrorPassthroughRuleMutation(c.config, OpCreate)
 	return &ErrorPassthroughRuleCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // CreateBulk returns a builder for creating a bulk of ErrorPassthroughRule entities.
 func (c *ErrorPassthroughRuleClient) CreateBulk(builders ...*ErrorPassthroughRuleCreate) *ErrorPassthroughRuleCreateBulk {
 	return &ErrorPassthroughRuleCreateBulk{config: c.config, builders: builders}
 }
 // MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
 // a builder and applies setFunc on it.
 func (c *ErrorPassthroughRuleClient) MapCreateBulk(slice any, setFunc func(*ErrorPassthroughRuleCreate, int)) *ErrorPassthroughRuleCreateBulk {
 	rv := reflect.ValueOf(slice)
 	if rv.Kind() != reflect.Slice {
 		return &ErrorPassthroughRuleCreateBulk{err: fmt.Errorf("calling to ErrorPassthroughRuleClient.MapCreateBulk with wrong type %T, need slice", slice)}
 	}
 	builders := make([]*ErrorPassthroughRuleCreate, rv.Len())
 	for i := 0; i < rv.Len(); i++ {
 		builders[i] = c.Create()
 		setFunc(builders[i], i)
 	}
 	return &ErrorPassthroughRuleCreateBulk{config: c.config, builders: builders}
 }
 // Update returns an update builder for ErrorPassthroughRule.
 func (c *ErrorPassthroughRuleClient) Update() *ErrorPassthroughRuleUpdate {
 	mutation := newErrorPassthroughRuleMutation(c.config, OpUpdate)
 	return &ErrorPassthroughRuleUpdate{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // UpdateOne returns an update builder for the given entity.
 func (c *ErrorPassthroughRuleClient) UpdateOne(_m *ErrorPassthroughRule) *ErrorPassthroughRuleUpdateOne {
 	mutation := newErrorPassthroughRuleMutation(c.config, OpUpdateOne, withErrorPassthroughRule(_m))
 	return &ErrorPassthroughRuleUpdateOne{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // UpdateOneID returns an update builder for the given id.
 func (c *ErrorPassthroughRuleClient) UpdateOneID(id int64) *ErrorPassthroughRuleUpdateOne {
 	mutation := newErrorPassthroughRuleMutation(c.config, OpUpdateOne, withErrorPassthroughRuleID(id))
 	return &ErrorPassthroughRuleUpdateOne{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // Delete returns a delete builder for ErrorPassthroughRule.
 func (c *ErrorPassthroughRuleClient) Delete() *ErrorPassthroughRuleDelete {
 	mutation := newErrorPassthroughRuleMutation(c.config, OpDelete)
 	return &ErrorPassthroughRuleDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // DeleteOne returns a builder for deleting the given entity.
 func (c *ErrorPassthroughRuleClient) DeleteOne(_m *ErrorPassthroughRule) *ErrorPassthroughRuleDeleteOne {
 	return c.DeleteOneID(_m.ID)
 }
 // DeleteOneID returns a builder for deleting the given entity by its id.
 func (c *ErrorPassthroughRuleClient) DeleteOneID(id int64) *ErrorPassthroughRuleDeleteOne {
 	builder := c.Delete().Where(errorpassthroughrule.ID(id))
 	builder.mutation.id = &id
 	builder.mutation.op = OpDeleteOne
 	return &ErrorPassthroughRuleDeleteOne{builder}
 }
 // Query returns a query builder for ErrorPassthroughRule.
 func (c *ErrorPassthroughRuleClient) Query() *ErrorPassthroughRuleQuery {
 	return &ErrorPassthroughRuleQuery{
 		config: c.config,
 		ctx:    &QueryContext{Type: TypeErrorPassthroughRule},
 		inters: c.Interceptors(),
 	}
 }
 // Get returns a ErrorPassthroughRule entity by its id.
 func (c *ErrorPassthroughRuleClient) Get(ctx context.Context, id int64) (*ErrorPassthroughRule, error) {
 	return c.Query().Where(errorpassthroughrule.ID(id)).Only(ctx)
 }
 // GetX is like Get, but panics if an error occurs.
 func (c *ErrorPassthroughRuleClient) GetX(ctx context.Context, id int64) *ErrorPassthroughRule {
 	obj, err := c.Get(ctx, id)
 	if err != nil {
 		panic(err)
 	}
 	return obj
 }
 // Hooks returns the client hooks.
 func (c *ErrorPassthroughRuleClient) Hooks() []Hook {
 	return c.hooks.ErrorPassthroughRule
 }
 // Interceptors returns the client interceptors.
 func (c *ErrorPassthroughRuleClient) Interceptors() []Interceptor {
 	return c.inters.ErrorPassthroughRule
 }
 func (c *ErrorPassthroughRuleClient) mutate(ctx context.Context, m *ErrorPassthroughRuleMutation) (Value, error) {
 	switch m.Op() {
 	case OpCreate:
 		return (&ErrorPassthroughRuleCreate{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
 	case OpUpdate:
 		return (&ErrorPassthroughRuleUpdate{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
 	case OpUpdateOne:
 		return (&ErrorPassthroughRuleUpdateOne{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
 	case OpDelete, OpDeleteOne:
 		return (&ErrorPassthroughRuleDelete{config: c.config, hooks: c.Hooks(), mutation: m}).Exec(ctx)
 	default:
 		return nil, fmt.Errorf("ent: unknown ErrorPassthroughRule mutation op: %q", m.Op())
 	}
 }
 // GroupClient is a client for the Group schema.
 type GroupClient struct {
 	config
@@ -1724,6 +2205,139 @@ func (c *RedeemCodeClient) mutate(ctx context.Context, m *RedeemCodeMutation) (V
 	}
 }
 // SecuritySecretClient is a client for the SecuritySecret schema.
 type SecuritySecretClient struct {
 	config
 }
 // NewSecuritySecretClient returns a client for the SecuritySecret from the given config.
 func NewSecuritySecretClient(c config) *SecuritySecretClient {
 	return &SecuritySecretClient{config: c}
 }
 // Use adds a list of mutation hooks to the hooks stack.
 // A call to `Use(f, g, h)` equals to `securitysecret.Hooks(f(g(h())))`.
 func (c *SecuritySecretClient) Use(hooks ...Hook) {
 	c.hooks.SecuritySecret = append(c.hooks.SecuritySecret, hooks...)
 }
 // Intercept adds a list of query interceptors to the interceptors stack.
 // A call to `Intercept(f, g, h)` equals to `securitysecret.Intercept(f(g(h())))`.
 func (c *SecuritySecretClient) Intercept(interceptors ...Interceptor) {
 	c.inters.SecuritySecret = append(c.inters.SecuritySecret, interceptors...)
 }
 // Create returns a builder for creating a SecuritySecret entity.
 func (c *SecuritySecretClient) Create() *SecuritySecretCreate {
 	mutation := newSecuritySecretMutation(c.config, OpCreate)
 	return &SecuritySecretCreate{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // CreateBulk returns a builder for creating a bulk of SecuritySecret entities.
 func (c *SecuritySecretClient) CreateBulk(builders ...*SecuritySecretCreate) *SecuritySecretCreateBulk {
 	return &SecuritySecretCreateBulk{config: c.config, builders: builders}
 }
 // MapCreateBulk creates a bulk creation builder from the given slice. For each item in the slice, the function creates
 // a builder and applies setFunc on it.
 func (c *SecuritySecretClient) MapCreateBulk(slice any, setFunc func(*SecuritySecretCreate, int)) *SecuritySecretCreateBulk {
 	rv := reflect.ValueOf(slice)
 	if rv.Kind() != reflect.Slice {
 		return &SecuritySecretCreateBulk{err: fmt.Errorf("calling to SecuritySecretClient.MapCreateBulk with wrong type %T, need slice", slice)}
 	}
 	builders := make([]*SecuritySecretCreate, rv.Len())
 	for i := 0; i < rv.Len(); i++ {
 		builders[i] = c.Create()
 		setFunc(builders[i], i)
 	}
 	return &SecuritySecretCreateBulk{config: c.config, builders: builders}
 }
 // Update returns an update builder for SecuritySecret.
 func (c *SecuritySecretClient) Update() *SecuritySecretUpdate {
 	mutation := newSecuritySecretMutation(c.config, OpUpdate)
 	return &SecuritySecretUpdate{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // UpdateOne returns an update builder for the given entity.
 func (c *SecuritySecretClient) UpdateOne(_m *SecuritySecret) *SecuritySecretUpdateOne {
 	mutation := newSecuritySecretMutation(c.config, OpUpdateOne, withSecuritySecret(_m))
 	return &SecuritySecretUpdateOne{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // UpdateOneID returns an update builder for the given id.
 func (c *SecuritySecretClient) UpdateOneID(id int64) *SecuritySecretUpdateOne {
 	mutation := newSecuritySecretMutation(c.config, OpUpdateOne, withSecuritySecretID(id))
 	return &SecuritySecretUpdateOne{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // Delete returns a delete builder for SecuritySecret.
 func (c *SecuritySecretClient) Delete() *SecuritySecretDelete {
 	mutation := newSecuritySecretMutation(c.config, OpDelete)
 	return &SecuritySecretDelete{config: c.config, hooks: c.Hooks(), mutation: mutation}
 }
 // DeleteOne returns a builder for deleting the given entity.
 func (c *SecuritySecretClient) DeleteOne(_m *SecuritySecret) *SecuritySecretDeleteOne {
 	return c.DeleteOneID(_m.ID)
 }
 // DeleteOneID returns a builder for deleting the given entity by its id.
 func (c *SecuritySecretClient) DeleteOneID(id int64) *SecuritySecretDeleteOne {
 	builder := c.Delete().Where(securitysecret.ID(id))
 	builder.mutation.id = &id
 	builder.mutation.op = OpDeleteOne
 	return &SecuritySecretDeleteOne{builder}
 }
 // Query returns a query builder for SecuritySecret.
 func (c *SecuritySecretClient) Query() *SecuritySecretQuery {
 	return &SecuritySecretQuery{
 		config: c.config,
 		ctx:    &QueryContext{Type: TypeSecuritySecret},
 		inters: c.Interceptors(),
 	}
 }
 // Get returns a SecuritySecret entity by its id.
 func (c *SecuritySecretClient) Get(ctx context.Context, id int64) (*SecuritySecret, error) {
 	return c.Query().Where(securitysecret.ID(id)).Only(ctx)
 }
 // GetX is like Get, but panics if an error occurs.
 func (c *SecuritySecretClient) GetX(ctx context.Context, id int64) *SecuritySecret {
 	obj, err := c.Get(ctx, id)
 	if err != nil {
 		panic(err)
 	}
 	return obj
 }
 // Hooks returns the client hooks.
 func (c *SecuritySecretClient) Hooks() []Hook {
 	return c.hooks.SecuritySecret
 }
 // Interceptors returns the client interceptors.
 func (c *SecuritySecretClient) Interceptors() []Interceptor {
 	return c.inters.SecuritySecret
 }
 func (c *SecuritySecretClient) mutate(ctx context.Context, m *SecuritySecretMutation) (Value, error) {
 	switch m.Op() {
 	case OpCreate:
 		return (&SecuritySecretCreate{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
 	case OpUpdate:
 		return (&SecuritySecretUpdate{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
 	case OpUpdateOne:
 		return (&SecuritySecretUpdateOne{config: c.config, hooks: c.Hooks(), mutation: m}).Save(ctx)
 	case OpDelete, OpDeleteOne:
 		return (&SecuritySecretDelete{config: c.config, hooks: c.Hooks(), mutation: m}).Exec(ctx)
 	default:
 		return nil, fmt.Errorf("ent: unknown SecuritySecret mutation op: %q", m.Op())
 	}
 }
 // SettingClient is a client for the Setting schema.
 type SettingClient struct {
 	config
@@ -2375,6 +2989,22 @@ func (c *UserClient) QueryAssignedSubscriptions(_m *User) *UserSubscriptionQuery
 	return query
 }
 // QueryAnnouncementReads queries the announcement_reads edge of a User.
 func (c *UserClient) QueryAnnouncementReads(_m *User) *AnnouncementReadQuery {
 	query := (&AnnouncementReadClient{config: c.config}).Query()
 	query.path = func(context.Context) (fromV *sql.Selector, _ error) {
 		id := _m.ID
 		step := sqlgraph.NewStep(
 			sqlgraph.From(user.Table, user.FieldID, id),
 			sqlgraph.To(announcementread.Table, announcementread.FieldID),
 			sqlgraph.Edge(sqlgraph.O2M, false, user.AnnouncementReadsTable, user.AnnouncementReadsColumn),
 		)
 		fromV = sqlgraph.Neighbors(_m.driver.Dialect(), step)
 		return fromV, nil
 	}
 	return query
 }
 // QueryAllowedGroups queries the allowed_groups edge of a User.
 func (c *UserClient) QueryAllowedGroups(_m *User) *GroupQuery {
 	query := (&GroupClient{config: c.config}).Query()
@@ -3116,13 +3746,15 @@ func (c *UserSubscriptionClient) mutate(ctx context.Context, m *UserSubscription
 // hooks and interceptors per client, for fast access.
 type (
 	hooks struct {
-		APIKey, Account, AccountGroup, Group, PromoCode, PromoCodeUsage, Proxy,
+		APIKey, Account, AccountGroup, Announcement, AnnouncementRead,
-		RedeemCode, Setting, UsageCleanupTask, UsageLog, User, UserAllowedGroup,
+		ErrorPassthroughRule, Group, PromoCode, PromoCodeUsage, Proxy, RedeemCode,
 		SecuritySecret, Setting, UsageCleanupTask, UsageLog, User, UserAllowedGroup,
 		UserAttributeDefinition, UserAttributeValue, UserSubscription []ent.Hook
 	}
 	inters struct {
-		APIKey, Account, AccountGroup, Group, PromoCode, PromoCodeUsage, Proxy,
+		APIKey, Account, AccountGroup, Announcement, AnnouncementRead,
-		RedeemCode, Setting, UsageCleanupTask, UsageLog, User, UserAllowedGroup,
+		ErrorPassthroughRule, Group, PromoCode, PromoCodeUsage, Proxy, RedeemCode,
 		SecuritySecret, Setting, UsageCleanupTask, UsageLog, User, UserAllowedGroup,
 		UserAttributeDefinition, UserAttributeValue, UserSubscription []ent.Interceptor
 	}
 )
--- a/backend/ent/ent.go
+++ b/backend/ent/ent.go
@@ -14,12 +14,16 @@ import (
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"github.com/Wei-Shaw/sub2api/ent/account"
 	"github.com/Wei-Shaw/sub2api/ent/accountgroup"
 	"github.com/Wei-Shaw/sub2api/ent/announcement"
 	"github.com/Wei-Shaw/sub2api/ent/announcementread"
 	"github.com/Wei-Shaw/sub2api/ent/apikey"
 	"github.com/Wei-Shaw/sub2api/ent/errorpassthroughrule"
 	"github.com/Wei-Shaw/sub2api/ent/group"
 	"github.com/Wei-Shaw/sub2api/ent/promocode"
 	"github.com/Wei-Shaw/sub2api/ent/promocodeusage"
 	"github.com/Wei-Shaw/sub2api/ent/proxy"
 	"github.com/Wei-Shaw/sub2api/ent/redeemcode"
 	"github.com/Wei-Shaw/sub2api/ent/securitysecret"
 	"github.com/Wei-Shaw/sub2api/ent/setting"
 	"github.com/Wei-Shaw/sub2api/ent/usagecleanuptask"
 	"github.com/Wei-Shaw/sub2api/ent/usagelog"
@@ -91,11 +95,15 @@ func checkColumn(t, c string) error {
 			apikey.Table:                  apikey.ValidColumn,
 			account.Table:                 account.ValidColumn,
 			accountgroup.Table:            accountgroup.ValidColumn,
 			announcement.Table:            announcement.ValidColumn,
 			announcementread.Table:        announcementread.ValidColumn,
 			errorpassthroughrule.Table:    errorpassthroughrule.ValidColumn,
 			group.Table:                   group.ValidColumn,
 			promocode.Table:               promocode.ValidColumn,
 			promocodeusage.Table:          promocodeusage.ValidColumn,
 			proxy.Table:                   proxy.ValidColumn,
 			redeemcode.Table:              redeemcode.ValidColumn,
 			securitysecret.Table:          securitysecret.ValidColumn,
 			setting.Table:                 setting.ValidColumn,
 			usagecleanuptask.Table:        usagecleanuptask.ValidColumn,
 			usagelog.Table:                usagelog.ValidColumn,
--- a/backend/ent/errorpassthroughrule.go
+++ b/backend/ent/errorpassthroughrule.go
@@ -0,0 +1,280 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"encoding/json"
 	"fmt"
 	"strings"
 	"time"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect/sql"
 	"github.com/Wei-Shaw/sub2api/ent/errorpassthroughrule"
 )
 // ErrorPassthroughRule is the model entity for the ErrorPassthroughRule schema.
 type ErrorPassthroughRule struct {
 	config `json:"-"`
 	// ID of the ent.
 	ID int64 `json:"id,omitempty"`
 	// CreatedAt holds the value of the "created_at" field.
 	CreatedAt time.Time `json:"created_at,omitempty"`
 	// UpdatedAt holds the value of the "updated_at" field.
 	UpdatedAt time.Time `json:"updated_at,omitempty"`
 	// Name holds the value of the "name" field.
 	Name string `json:"name,omitempty"`
 	// Enabled holds the value of the "enabled" field.
 	Enabled bool `json:"enabled,omitempty"`
 	// Priority holds the value of the "priority" field.
 	Priority int `json:"priority,omitempty"`
 	// ErrorCodes holds the value of the "error_codes" field.
 	ErrorCodes []int `json:"error_codes,omitempty"`
 	// Keywords holds the value of the "keywords" field.
 	Keywords []string `json:"keywords,omitempty"`
 	// MatchMode holds the value of the "match_mode" field.
 	MatchMode string `json:"match_mode,omitempty"`
 	// Platforms holds the value of the "platforms" field.
 	Platforms []string `json:"platforms,omitempty"`
 	// PassthroughCode holds the value of the "passthrough_code" field.
 	PassthroughCode bool `json:"passthrough_code,omitempty"`
 	// ResponseCode holds the value of the "response_code" field.
 	ResponseCode *int `json:"response_code,omitempty"`
 	// PassthroughBody holds the value of the "passthrough_body" field.
 	PassthroughBody bool `json:"passthrough_body,omitempty"`
 	// CustomMessage holds the value of the "custom_message" field.
 	CustomMessage *string `json:"custom_message,omitempty"`
 	// SkipMonitoring holds the value of the "skip_monitoring" field.
 	SkipMonitoring bool `json:"skip_monitoring,omitempty"`
 	// Description holds the value of the "description" field.
 	Description  *string `json:"description,omitempty"`
 	selectValues sql.SelectValues
 }
 // scanValues returns the types for scanning values from sql.Rows.
 func (*ErrorPassthroughRule) scanValues(columns []string) ([]any, error) {
 	values := make([]any, len(columns))
 	for i := range columns {
 		switch columns[i] {
 		case errorpassthroughrule.FieldErrorCodes, errorpassthroughrule.FieldKeywords, errorpassthroughrule.FieldPlatforms:
 			values[i] = new([]byte)
 		case errorpassthroughrule.FieldEnabled, errorpassthroughrule.FieldPassthroughCode, errorpassthroughrule.FieldPassthroughBody, errorpassthroughrule.FieldSkipMonitoring:
 			values[i] = new(sql.NullBool)
 		case errorpassthroughrule.FieldID, errorpassthroughrule.FieldPriority, errorpassthroughrule.FieldResponseCode:
 			values[i] = new(sql.NullInt64)
 		case errorpassthroughrule.FieldName, errorpassthroughrule.FieldMatchMode, errorpassthroughrule.FieldCustomMessage, errorpassthroughrule.FieldDescription:
 			values[i] = new(sql.NullString)
 		case errorpassthroughrule.FieldCreatedAt, errorpassthroughrule.FieldUpdatedAt:
 			values[i] = new(sql.NullTime)
 		default:
 			values[i] = new(sql.UnknownType)
 		}
 	}
 	return values, nil
 }
 // assignValues assigns the values that were returned from sql.Rows (after scanning)
 // to the ErrorPassthroughRule fields.
 func (_m *ErrorPassthroughRule) assignValues(columns []string, values []any) error {
 	if m, n := len(values), len(columns); m < n {
 		return fmt.Errorf("mismatch number of scan values: %d != %d", m, n)
 	}
 	for i := range columns {
 		switch columns[i] {
 		case errorpassthroughrule.FieldID:
 			value, ok := values[i].(*sql.NullInt64)
 			if !ok {
 				return fmt.Errorf("unexpected type %T for field id", value)
 			}
 			_m.ID = int64(value.Int64)
 		case errorpassthroughrule.FieldCreatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field created_at", values[i])
 			} else if value.Valid {
 				_m.CreatedAt = value.Time
 			}
 		case errorpassthroughrule.FieldUpdatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field updated_at", values[i])
 			} else if value.Valid {
 				_m.UpdatedAt = value.Time
 			}
 		case errorpassthroughrule.FieldName:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field name", values[i])
 			} else if value.Valid {
 				_m.Name = value.String
 			}
 		case errorpassthroughrule.FieldEnabled:
 			if value, ok := values[i].(*sql.NullBool); !ok {
 				return fmt.Errorf("unexpected type %T for field enabled", values[i])
 			} else if value.Valid {
 				_m.Enabled = value.Bool
 			}
 		case errorpassthroughrule.FieldPriority:
 			if value, ok := values[i].(*sql.NullInt64); !ok {
 				return fmt.Errorf("unexpected type %T for field priority", values[i])
 			} else if value.Valid {
 				_m.Priority = int(value.Int64)
 			}
 		case errorpassthroughrule.FieldErrorCodes:
 			if value, ok := values[i].(*[]byte); !ok {
 				return fmt.Errorf("unexpected type %T for field error_codes", values[i])
 			} else if value != nil && len(*value) > 0 {
 				if err := json.Unmarshal(*value, &_m.ErrorCodes); err != nil {
 					return fmt.Errorf("unmarshal field error_codes: %w", err)
 				}
 			}
 		case errorpassthroughrule.FieldKeywords:
 			if value, ok := values[i].(*[]byte); !ok {
 				return fmt.Errorf("unexpected type %T for field keywords", values[i])
 			} else if value != nil && len(*value) > 0 {
 				if err := json.Unmarshal(*value, &_m.Keywords); err != nil {
 					return fmt.Errorf("unmarshal field keywords: %w", err)
 				}
 			}
 		case errorpassthroughrule.FieldMatchMode:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field match_mode", values[i])
 			} else if value.Valid {
 				_m.MatchMode = value.String
 			}
 		case errorpassthroughrule.FieldPlatforms:
 			if value, ok := values[i].(*[]byte); !ok {
 				return fmt.Errorf("unexpected type %T for field platforms", values[i])
 			} else if value != nil && len(*value) > 0 {
 				if err := json.Unmarshal(*value, &_m.Platforms); err != nil {
 					return fmt.Errorf("unmarshal field platforms: %w", err)
 				}
 			}
 		case errorpassthroughrule.FieldPassthroughCode:
 			if value, ok := values[i].(*sql.NullBool); !ok {
 				return fmt.Errorf("unexpected type %T for field passthrough_code", values[i])
 			} else if value.Valid {
 				_m.PassthroughCode = value.Bool
 			}
 		case errorpassthroughrule.FieldResponseCode:
 			if value, ok := values[i].(*sql.NullInt64); !ok {
 				return fmt.Errorf("unexpected type %T for field response_code", values[i])
 			} else if value.Valid {
 				_m.ResponseCode = new(int)
 				*_m.ResponseCode = int(value.Int64)
 			}
 		case errorpassthroughrule.FieldPassthroughBody:
 			if value, ok := values[i].(*sql.NullBool); !ok {
 				return fmt.Errorf("unexpected type %T for field passthrough_body", values[i])
 			} else if value.Valid {
 				_m.PassthroughBody = value.Bool
 			}
 		case errorpassthroughrule.FieldCustomMessage:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field custom_message", values[i])
 			} else if value.Valid {
 				_m.CustomMessage = new(string)
 				*_m.CustomMessage = value.String
 			}
 		case errorpassthroughrule.FieldSkipMonitoring:
 			if value, ok := values[i].(*sql.NullBool); !ok {
 				return fmt.Errorf("unexpected type %T for field skip_monitoring", values[i])
 			} else if value.Valid {
 				_m.SkipMonitoring = value.Bool
 			}
 		case errorpassthroughrule.FieldDescription:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field description", values[i])
 			} else if value.Valid {
 				_m.Description = new(string)
 				*_m.Description = value.String
 			}
 		default:
 			_m.selectValues.Set(columns[i], values[i])
 		}
 	}
 	return nil
 }
 // Value returns the ent.Value that was dynamically selected and assigned to the ErrorPassthroughRule.
 // This includes values selected through modifiers, order, etc.
 func (_m *ErrorPassthroughRule) Value(name string) (ent.Value, error) {
 	return _m.selectValues.Get(name)
 }
 // Update returns a builder for updating this ErrorPassthroughRule.
 // Note that you need to call ErrorPassthroughRule.Unwrap() before calling this method if this ErrorPassthroughRule
 // was returned from a transaction, and the transaction was committed or rolled back.
 func (_m *ErrorPassthroughRule) Update() *ErrorPassthroughRuleUpdateOne {
 	return NewErrorPassthroughRuleClient(_m.config).UpdateOne(_m)
 }
 // Unwrap unwraps the ErrorPassthroughRule entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
 func (_m *ErrorPassthroughRule) Unwrap() *ErrorPassthroughRule {
 	_tx, ok := _m.config.driver.(*txDriver)
 	if !ok {
 		panic("ent: ErrorPassthroughRule is not a transactional entity")
 	}
 	_m.config.driver = _tx.drv
 	return _m
 }
 // String implements the fmt.Stringer.
 func (_m *ErrorPassthroughRule) String() string {
 	var builder strings.Builder
 	builder.WriteString("ErrorPassthroughRule(")
 	builder.WriteString(fmt.Sprintf("id=%v, ", _m.ID))
 	builder.WriteString("created_at=")
 	builder.WriteString(_m.CreatedAt.Format(time.ANSIC))
 	builder.WriteString(", ")
 	builder.WriteString("updated_at=")
 	builder.WriteString(_m.UpdatedAt.Format(time.ANSIC))
 	builder.WriteString(", ")
 	builder.WriteString("name=")
 	builder.WriteString(_m.Name)
 	builder.WriteString(", ")
 	builder.WriteString("enabled=")
 	builder.WriteString(fmt.Sprintf("%v", _m.Enabled))
 	builder.WriteString(", ")
 	builder.WriteString("priority=")
 	builder.WriteString(fmt.Sprintf("%v", _m.Priority))
 	builder.WriteString(", ")
 	builder.WriteString("error_codes=")
 	builder.WriteString(fmt.Sprintf("%v", _m.ErrorCodes))
 	builder.WriteString(", ")
 	builder.WriteString("keywords=")
 	builder.WriteString(fmt.Sprintf("%v", _m.Keywords))
 	builder.WriteString(", ")
 	builder.WriteString("match_mode=")
 	builder.WriteString(_m.MatchMode)
 	builder.WriteString(", ")
 	builder.WriteString("platforms=")
 	builder.WriteString(fmt.Sprintf("%v", _m.Platforms))
 	builder.WriteString(", ")
 	builder.WriteString("passthrough_code=")
 	builder.WriteString(fmt.Sprintf("%v", _m.PassthroughCode))
 	builder.WriteString(", ")
 	if v := _m.ResponseCode; v != nil {
 		builder.WriteString("response_code=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	builder.WriteString("passthrough_body=")
 	builder.WriteString(fmt.Sprintf("%v", _m.PassthroughBody))
 	builder.WriteString(", ")
 	if v := _m.CustomMessage; v != nil {
 		builder.WriteString("custom_message=")
 		builder.WriteString(*v)
 	}
 	builder.WriteString(", ")
 	builder.WriteString("skip_monitoring=")
 	builder.WriteString(fmt.Sprintf("%v", _m.SkipMonitoring))
 	builder.WriteString(", ")
 	if v := _m.Description; v != nil {
 		builder.WriteString("description=")
 		builder.WriteString(*v)
 	}
 	builder.WriteByte(')')
 	return builder.String()
 }
 // ErrorPassthroughRules is a parsable slice of ErrorPassthroughRule.
 type ErrorPassthroughRules []*ErrorPassthroughRule
--- a/backend/ent/errorpassthroughrule/errorpassthroughrule.go
+++ b/backend/ent/errorpassthroughrule/errorpassthroughrule.go
@@ -0,0 +1,171 @@
 // Code generated by ent, DO NOT EDIT.
 package errorpassthroughrule
 import (
 	"time"
 	"entgo.io/ent/dialect/sql"
 )
 const (
 	// Label holds the string label denoting the errorpassthroughrule type in the database.
 	Label = "error_passthrough_rule"
 	// FieldID holds the string denoting the id field in the database.
 	FieldID = "id"
 	// FieldCreatedAt holds the string denoting the created_at field in the database.
 	FieldCreatedAt = "created_at"
 	// FieldUpdatedAt holds the string denoting the updated_at field in the database.
 	FieldUpdatedAt = "updated_at"
 	// FieldName holds the string denoting the name field in the database.
 	FieldName = "name"
 	// FieldEnabled holds the string denoting the enabled field in the database.
 	FieldEnabled = "enabled"
 	// FieldPriority holds the string denoting the priority field in the database.
 	FieldPriority = "priority"
 	// FieldErrorCodes holds the string denoting the error_codes field in the database.
 	FieldErrorCodes = "error_codes"
 	// FieldKeywords holds the string denoting the keywords field in the database.
 	FieldKeywords = "keywords"
 	// FieldMatchMode holds the string denoting the match_mode field in the database.
 	FieldMatchMode = "match_mode"
 	// FieldPlatforms holds the string denoting the platforms field in the database.
 	FieldPlatforms = "platforms"
 	// FieldPassthroughCode holds the string denoting the passthrough_code field in the database.
 	FieldPassthroughCode = "passthrough_code"
 	// FieldResponseCode holds the string denoting the response_code field in the database.
 	FieldResponseCode = "response_code"
 	// FieldPassthroughBody holds the string denoting the passthrough_body field in the database.
 	FieldPassthroughBody = "passthrough_body"
 	// FieldCustomMessage holds the string denoting the custom_message field in the database.
 	FieldCustomMessage = "custom_message"
 	// FieldSkipMonitoring holds the string denoting the skip_monitoring field in the database.
 	FieldSkipMonitoring = "skip_monitoring"
 	// FieldDescription holds the string denoting the description field in the database.
 	FieldDescription = "description"
 	// Table holds the table name of the errorpassthroughrule in the database.
 	Table = "error_passthrough_rules"
 )
 // Columns holds all SQL columns for errorpassthroughrule fields.
 var Columns = []string{
 	FieldID,
 	FieldCreatedAt,
 	FieldUpdatedAt,
 	FieldName,
 	FieldEnabled,
 	FieldPriority,
 	FieldErrorCodes,
 	FieldKeywords,
 	FieldMatchMode,
 	FieldPlatforms,
 	FieldPassthroughCode,
 	FieldResponseCode,
 	FieldPassthroughBody,
 	FieldCustomMessage,
 	FieldSkipMonitoring,
 	FieldDescription,
 }
 // ValidColumn reports if the column name is valid (part of the table columns).
 func ValidColumn(column string) bool {
 	for i := range Columns {
 		if column == Columns[i] {
 			return true
 		}
 	}
 	return false
 }
 var (
 	// DefaultCreatedAt holds the default value on creation for the "created_at" field.
 	DefaultCreatedAt func() time.Time
 	// DefaultUpdatedAt holds the default value on creation for the "updated_at" field.
 	DefaultUpdatedAt func() time.Time
 	// UpdateDefaultUpdatedAt holds the default value on update for the "updated_at" field.
 	UpdateDefaultUpdatedAt func() time.Time
 	// NameValidator is a validator for the "name" field. It is called by the builders before save.
 	NameValidator func(string) error
 	// DefaultEnabled holds the default value on creation for the "enabled" field.
 	DefaultEnabled bool
 	// DefaultPriority holds the default value on creation for the "priority" field.
 	DefaultPriority int
 	// DefaultMatchMode holds the default value on creation for the "match_mode" field.
 	DefaultMatchMode string
 	// MatchModeValidator is a validator for the "match_mode" field. It is called by the builders before save.
 	MatchModeValidator func(string) error
 	// DefaultPassthroughCode holds the default value on creation for the "passthrough_code" field.
 	DefaultPassthroughCode bool
 	// DefaultPassthroughBody holds the default value on creation for the "passthrough_body" field.
 	DefaultPassthroughBody bool
 	// DefaultSkipMonitoring holds the default value on creation for the "skip_monitoring" field.
 	DefaultSkipMonitoring bool
 )
 // OrderOption defines the ordering options for the ErrorPassthroughRule queries.
 type OrderOption func(*sql.Selector)
 // ByID orders the results by the id field.
 func ByID(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldID, opts...).ToFunc()
 }
 // ByCreatedAt orders the results by the created_at field.
 func ByCreatedAt(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldCreatedAt, opts...).ToFunc()
 }
 // ByUpdatedAt orders the results by the updated_at field.
 func ByUpdatedAt(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldUpdatedAt, opts...).ToFunc()
 }
 // ByName orders the results by the name field.
 func ByName(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldName, opts...).ToFunc()
 }
 // ByEnabled orders the results by the enabled field.
 func ByEnabled(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldEnabled, opts...).ToFunc()
 }
 // ByPriority orders the results by the priority field.
 func ByPriority(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldPriority, opts...).ToFunc()
 }
 // ByMatchMode orders the results by the match_mode field.
 func ByMatchMode(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldMatchMode, opts...).ToFunc()
 }
 // ByPassthroughCode orders the results by the passthrough_code field.
 func ByPassthroughCode(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldPassthroughCode, opts...).ToFunc()
 }
 // ByResponseCode orders the results by the response_code field.
 func ByResponseCode(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldResponseCode, opts...).ToFunc()
 }
 // ByPassthroughBody orders the results by the passthrough_body field.
 func ByPassthroughBody(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldPassthroughBody, opts...).ToFunc()
 }
 // ByCustomMessage orders the results by the custom_message field.
 func ByCustomMessage(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldCustomMessage, opts...).ToFunc()
 }
 // BySkipMonitoring orders the results by the skip_monitoring field.
 func BySkipMonitoring(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldSkipMonitoring, opts...).ToFunc()
 }
 // ByDescription orders the results by the description field.
 func ByDescription(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldDescription, opts...).ToFunc()
 }
--- a/backend/ent/errorpassthroughrule/where.go
+++ b/backend/ent/errorpassthroughrule/where.go
@@ -0,0 +1,650 @@
 // Code generated by ent, DO NOT EDIT.
 package errorpassthroughrule
 import (
 	"time"
 	"entgo.io/ent/dialect/sql"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 )
 // ID filters vertices based on their ID field.
 func ID(id int64) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldID, id))
 }
 // IDEQ applies the EQ predicate on the ID field.
 func IDEQ(id int64) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldID, id))
 }
 // IDNEQ applies the NEQ predicate on the ID field.
 func IDNEQ(id int64) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNEQ(FieldID, id))
 }
 // IDIn applies the In predicate on the ID field.
 func IDIn(ids ...int64) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldIn(FieldID, ids...))
 }
 // IDNotIn applies the NotIn predicate on the ID field.
 func IDNotIn(ids ...int64) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNotIn(FieldID, ids...))
 }
 // IDGT applies the GT predicate on the ID field.
 func IDGT(id int64) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGT(FieldID, id))
 }
 // IDGTE applies the GTE predicate on the ID field.
 func IDGTE(id int64) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGTE(FieldID, id))
 }
 // IDLT applies the LT predicate on the ID field.
 func IDLT(id int64) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLT(FieldID, id))
 }
 // IDLTE applies the LTE predicate on the ID field.
 func IDLTE(id int64) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLTE(FieldID, id))
 }
 // CreatedAt applies equality check predicate on the "created_at" field. It's identical to CreatedAtEQ.
 func CreatedAt(v time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldCreatedAt, v))
 }
 // UpdatedAt applies equality check predicate on the "updated_at" field. It's identical to UpdatedAtEQ.
 func UpdatedAt(v time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldUpdatedAt, v))
 }
 // Name applies equality check predicate on the "name" field. It's identical to NameEQ.
 func Name(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldName, v))
 }
 // Enabled applies equality check predicate on the "enabled" field. It's identical to EnabledEQ.
 func Enabled(v bool) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldEnabled, v))
 }
 // Priority applies equality check predicate on the "priority" field. It's identical to PriorityEQ.
 func Priority(v int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldPriority, v))
 }
 // MatchMode applies equality check predicate on the "match_mode" field. It's identical to MatchModeEQ.
 func MatchMode(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldMatchMode, v))
 }
 // PassthroughCode applies equality check predicate on the "passthrough_code" field. It's identical to PassthroughCodeEQ.
 func PassthroughCode(v bool) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldPassthroughCode, v))
 }
 // ResponseCode applies equality check predicate on the "response_code" field. It's identical to ResponseCodeEQ.
 func ResponseCode(v int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldResponseCode, v))
 }
 // PassthroughBody applies equality check predicate on the "passthrough_body" field. It's identical to PassthroughBodyEQ.
 func PassthroughBody(v bool) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldPassthroughBody, v))
 }
 // CustomMessage applies equality check predicate on the "custom_message" field. It's identical to CustomMessageEQ.
 func CustomMessage(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldCustomMessage, v))
 }
 // SkipMonitoring applies equality check predicate on the "skip_monitoring" field. It's identical to SkipMonitoringEQ.
 func SkipMonitoring(v bool) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldSkipMonitoring, v))
 }
 // Description applies equality check predicate on the "description" field. It's identical to DescriptionEQ.
 func Description(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldDescription, v))
 }
 // CreatedAtEQ applies the EQ predicate on the "created_at" field.
 func CreatedAtEQ(v time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldCreatedAt, v))
 }
 // CreatedAtNEQ applies the NEQ predicate on the "created_at" field.
 func CreatedAtNEQ(v time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNEQ(FieldCreatedAt, v))
 }
 // CreatedAtIn applies the In predicate on the "created_at" field.
 func CreatedAtIn(vs ...time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldIn(FieldCreatedAt, vs...))
 }
 // CreatedAtNotIn applies the NotIn predicate on the "created_at" field.
 func CreatedAtNotIn(vs ...time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNotIn(FieldCreatedAt, vs...))
 }
 // CreatedAtGT applies the GT predicate on the "created_at" field.
 func CreatedAtGT(v time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGT(FieldCreatedAt, v))
 }
 // CreatedAtGTE applies the GTE predicate on the "created_at" field.
 func CreatedAtGTE(v time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGTE(FieldCreatedAt, v))
 }
 // CreatedAtLT applies the LT predicate on the "created_at" field.
 func CreatedAtLT(v time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLT(FieldCreatedAt, v))
 }
 // CreatedAtLTE applies the LTE predicate on the "created_at" field.
 func CreatedAtLTE(v time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLTE(FieldCreatedAt, v))
 }
 // UpdatedAtEQ applies the EQ predicate on the "updated_at" field.
 func UpdatedAtEQ(v time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldUpdatedAt, v))
 }
 // UpdatedAtNEQ applies the NEQ predicate on the "updated_at" field.
 func UpdatedAtNEQ(v time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNEQ(FieldUpdatedAt, v))
 }
 // UpdatedAtIn applies the In predicate on the "updated_at" field.
 func UpdatedAtIn(vs ...time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldIn(FieldUpdatedAt, vs...))
 }
 // UpdatedAtNotIn applies the NotIn predicate on the "updated_at" field.
 func UpdatedAtNotIn(vs ...time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNotIn(FieldUpdatedAt, vs...))
 }
 // UpdatedAtGT applies the GT predicate on the "updated_at" field.
 func UpdatedAtGT(v time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGT(FieldUpdatedAt, v))
 }
 // UpdatedAtGTE applies the GTE predicate on the "updated_at" field.
 func UpdatedAtGTE(v time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGTE(FieldUpdatedAt, v))
 }
 // UpdatedAtLT applies the LT predicate on the "updated_at" field.
 func UpdatedAtLT(v time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLT(FieldUpdatedAt, v))
 }
 // UpdatedAtLTE applies the LTE predicate on the "updated_at" field.
 func UpdatedAtLTE(v time.Time) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLTE(FieldUpdatedAt, v))
 }
 // NameEQ applies the EQ predicate on the "name" field.
 func NameEQ(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldName, v))
 }
 // NameNEQ applies the NEQ predicate on the "name" field.
 func NameNEQ(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNEQ(FieldName, v))
 }
 // NameIn applies the In predicate on the "name" field.
 func NameIn(vs ...string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldIn(FieldName, vs...))
 }
 // NameNotIn applies the NotIn predicate on the "name" field.
 func NameNotIn(vs ...string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNotIn(FieldName, vs...))
 }
 // NameGT applies the GT predicate on the "name" field.
 func NameGT(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGT(FieldName, v))
 }
 // NameGTE applies the GTE predicate on the "name" field.
 func NameGTE(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGTE(FieldName, v))
 }
 // NameLT applies the LT predicate on the "name" field.
 func NameLT(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLT(FieldName, v))
 }
 // NameLTE applies the LTE predicate on the "name" field.
 func NameLTE(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLTE(FieldName, v))
 }
 // NameContains applies the Contains predicate on the "name" field.
 func NameContains(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldContains(FieldName, v))
 }
 // NameHasPrefix applies the HasPrefix predicate on the "name" field.
 func NameHasPrefix(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldHasPrefix(FieldName, v))
 }
 // NameHasSuffix applies the HasSuffix predicate on the "name" field.
 func NameHasSuffix(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldHasSuffix(FieldName, v))
 }
 // NameEqualFold applies the EqualFold predicate on the "name" field.
 func NameEqualFold(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEqualFold(FieldName, v))
 }
 // NameContainsFold applies the ContainsFold predicate on the "name" field.
 func NameContainsFold(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldContainsFold(FieldName, v))
 }
 // EnabledEQ applies the EQ predicate on the "enabled" field.
 func EnabledEQ(v bool) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldEnabled, v))
 }
 // EnabledNEQ applies the NEQ predicate on the "enabled" field.
 func EnabledNEQ(v bool) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNEQ(FieldEnabled, v))
 }
 // PriorityEQ applies the EQ predicate on the "priority" field.
 func PriorityEQ(v int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldPriority, v))
 }
 // PriorityNEQ applies the NEQ predicate on the "priority" field.
 func PriorityNEQ(v int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNEQ(FieldPriority, v))
 }
 // PriorityIn applies the In predicate on the "priority" field.
 func PriorityIn(vs ...int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldIn(FieldPriority, vs...))
 }
 // PriorityNotIn applies the NotIn predicate on the "priority" field.
 func PriorityNotIn(vs ...int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNotIn(FieldPriority, vs...))
 }
 // PriorityGT applies the GT predicate on the "priority" field.
 func PriorityGT(v int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGT(FieldPriority, v))
 }
 // PriorityGTE applies the GTE predicate on the "priority" field.
 func PriorityGTE(v int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGTE(FieldPriority, v))
 }
 // PriorityLT applies the LT predicate on the "priority" field.
 func PriorityLT(v int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLT(FieldPriority, v))
 }
 // PriorityLTE applies the LTE predicate on the "priority" field.
 func PriorityLTE(v int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLTE(FieldPriority, v))
 }
 // ErrorCodesIsNil applies the IsNil predicate on the "error_codes" field.
 func ErrorCodesIsNil() predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldIsNull(FieldErrorCodes))
 }
 // ErrorCodesNotNil applies the NotNil predicate on the "error_codes" field.
 func ErrorCodesNotNil() predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNotNull(FieldErrorCodes))
 }
 // KeywordsIsNil applies the IsNil predicate on the "keywords" field.
 func KeywordsIsNil() predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldIsNull(FieldKeywords))
 }
 // KeywordsNotNil applies the NotNil predicate on the "keywords" field.
 func KeywordsNotNil() predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNotNull(FieldKeywords))
 }
 // MatchModeEQ applies the EQ predicate on the "match_mode" field.
 func MatchModeEQ(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldMatchMode, v))
 }
 // MatchModeNEQ applies the NEQ predicate on the "match_mode" field.
 func MatchModeNEQ(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNEQ(FieldMatchMode, v))
 }
 // MatchModeIn applies the In predicate on the "match_mode" field.
 func MatchModeIn(vs ...string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldIn(FieldMatchMode, vs...))
 }
 // MatchModeNotIn applies the NotIn predicate on the "match_mode" field.
 func MatchModeNotIn(vs ...string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNotIn(FieldMatchMode, vs...))
 }
 // MatchModeGT applies the GT predicate on the "match_mode" field.
 func MatchModeGT(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGT(FieldMatchMode, v))
 }
 // MatchModeGTE applies the GTE predicate on the "match_mode" field.
 func MatchModeGTE(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGTE(FieldMatchMode, v))
 }
 // MatchModeLT applies the LT predicate on the "match_mode" field.
 func MatchModeLT(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLT(FieldMatchMode, v))
 }
 // MatchModeLTE applies the LTE predicate on the "match_mode" field.
 func MatchModeLTE(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLTE(FieldMatchMode, v))
 }
 // MatchModeContains applies the Contains predicate on the "match_mode" field.
 func MatchModeContains(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldContains(FieldMatchMode, v))
 }
 // MatchModeHasPrefix applies the HasPrefix predicate on the "match_mode" field.
 func MatchModeHasPrefix(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldHasPrefix(FieldMatchMode, v))
 }
 // MatchModeHasSuffix applies the HasSuffix predicate on the "match_mode" field.
 func MatchModeHasSuffix(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldHasSuffix(FieldMatchMode, v))
 }
 // MatchModeEqualFold applies the EqualFold predicate on the "match_mode" field.
 func MatchModeEqualFold(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEqualFold(FieldMatchMode, v))
 }
 // MatchModeContainsFold applies the ContainsFold predicate on the "match_mode" field.
 func MatchModeContainsFold(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldContainsFold(FieldMatchMode, v))
 }
 // PlatformsIsNil applies the IsNil predicate on the "platforms" field.
 func PlatformsIsNil() predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldIsNull(FieldPlatforms))
 }
 // PlatformsNotNil applies the NotNil predicate on the "platforms" field.
 func PlatformsNotNil() predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNotNull(FieldPlatforms))
 }
 // PassthroughCodeEQ applies the EQ predicate on the "passthrough_code" field.
 func PassthroughCodeEQ(v bool) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldPassthroughCode, v))
 }
 // PassthroughCodeNEQ applies the NEQ predicate on the "passthrough_code" field.
 func PassthroughCodeNEQ(v bool) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNEQ(FieldPassthroughCode, v))
 }
 // ResponseCodeEQ applies the EQ predicate on the "response_code" field.
 func ResponseCodeEQ(v int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldResponseCode, v))
 }
 // ResponseCodeNEQ applies the NEQ predicate on the "response_code" field.
 func ResponseCodeNEQ(v int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNEQ(FieldResponseCode, v))
 }
 // ResponseCodeIn applies the In predicate on the "response_code" field.
 func ResponseCodeIn(vs ...int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldIn(FieldResponseCode, vs...))
 }
 // ResponseCodeNotIn applies the NotIn predicate on the "response_code" field.
 func ResponseCodeNotIn(vs ...int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNotIn(FieldResponseCode, vs...))
 }
 // ResponseCodeGT applies the GT predicate on the "response_code" field.
 func ResponseCodeGT(v int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGT(FieldResponseCode, v))
 }
 // ResponseCodeGTE applies the GTE predicate on the "response_code" field.
 func ResponseCodeGTE(v int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGTE(FieldResponseCode, v))
 }
 // ResponseCodeLT applies the LT predicate on the "response_code" field.
 func ResponseCodeLT(v int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLT(FieldResponseCode, v))
 }
 // ResponseCodeLTE applies the LTE predicate on the "response_code" field.
 func ResponseCodeLTE(v int) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLTE(FieldResponseCode, v))
 }
 // ResponseCodeIsNil applies the IsNil predicate on the "response_code" field.
 func ResponseCodeIsNil() predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldIsNull(FieldResponseCode))
 }
 // ResponseCodeNotNil applies the NotNil predicate on the "response_code" field.
 func ResponseCodeNotNil() predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNotNull(FieldResponseCode))
 }
 // PassthroughBodyEQ applies the EQ predicate on the "passthrough_body" field.
 func PassthroughBodyEQ(v bool) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldPassthroughBody, v))
 }
 // PassthroughBodyNEQ applies the NEQ predicate on the "passthrough_body" field.
 func PassthroughBodyNEQ(v bool) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNEQ(FieldPassthroughBody, v))
 }
 // CustomMessageEQ applies the EQ predicate on the "custom_message" field.
 func CustomMessageEQ(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldCustomMessage, v))
 }
 // CustomMessageNEQ applies the NEQ predicate on the "custom_message" field.
 func CustomMessageNEQ(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNEQ(FieldCustomMessage, v))
 }
 // CustomMessageIn applies the In predicate on the "custom_message" field.
 func CustomMessageIn(vs ...string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldIn(FieldCustomMessage, vs...))
 }
 // CustomMessageNotIn applies the NotIn predicate on the "custom_message" field.
 func CustomMessageNotIn(vs ...string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNotIn(FieldCustomMessage, vs...))
 }
 // CustomMessageGT applies the GT predicate on the "custom_message" field.
 func CustomMessageGT(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGT(FieldCustomMessage, v))
 }
 // CustomMessageGTE applies the GTE predicate on the "custom_message" field.
 func CustomMessageGTE(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGTE(FieldCustomMessage, v))
 }
 // CustomMessageLT applies the LT predicate on the "custom_message" field.
 func CustomMessageLT(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLT(FieldCustomMessage, v))
 }
 // CustomMessageLTE applies the LTE predicate on the "custom_message" field.
 func CustomMessageLTE(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLTE(FieldCustomMessage, v))
 }
 // CustomMessageContains applies the Contains predicate on the "custom_message" field.
 func CustomMessageContains(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldContains(FieldCustomMessage, v))
 }
 // CustomMessageHasPrefix applies the HasPrefix predicate on the "custom_message" field.
 func CustomMessageHasPrefix(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldHasPrefix(FieldCustomMessage, v))
 }
 // CustomMessageHasSuffix applies the HasSuffix predicate on the "custom_message" field.
 func CustomMessageHasSuffix(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldHasSuffix(FieldCustomMessage, v))
 }
 // CustomMessageIsNil applies the IsNil predicate on the "custom_message" field.
 func CustomMessageIsNil() predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldIsNull(FieldCustomMessage))
 }
 // CustomMessageNotNil applies the NotNil predicate on the "custom_message" field.
 func CustomMessageNotNil() predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNotNull(FieldCustomMessage))
 }
 // CustomMessageEqualFold applies the EqualFold predicate on the "custom_message" field.
 func CustomMessageEqualFold(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEqualFold(FieldCustomMessage, v))
 }
 // CustomMessageContainsFold applies the ContainsFold predicate on the "custom_message" field.
 func CustomMessageContainsFold(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldContainsFold(FieldCustomMessage, v))
 }
 // SkipMonitoringEQ applies the EQ predicate on the "skip_monitoring" field.
 func SkipMonitoringEQ(v bool) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldSkipMonitoring, v))
 }
 // SkipMonitoringNEQ applies the NEQ predicate on the "skip_monitoring" field.
 func SkipMonitoringNEQ(v bool) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNEQ(FieldSkipMonitoring, v))
 }
 // DescriptionEQ applies the EQ predicate on the "description" field.
 func DescriptionEQ(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEQ(FieldDescription, v))
 }
 // DescriptionNEQ applies the NEQ predicate on the "description" field.
 func DescriptionNEQ(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNEQ(FieldDescription, v))
 }
 // DescriptionIn applies the In predicate on the "description" field.
 func DescriptionIn(vs ...string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldIn(FieldDescription, vs...))
 }
 // DescriptionNotIn applies the NotIn predicate on the "description" field.
 func DescriptionNotIn(vs ...string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNotIn(FieldDescription, vs...))
 }
 // DescriptionGT applies the GT predicate on the "description" field.
 func DescriptionGT(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGT(FieldDescription, v))
 }
 // DescriptionGTE applies the GTE predicate on the "description" field.
 func DescriptionGTE(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldGTE(FieldDescription, v))
 }
 // DescriptionLT applies the LT predicate on the "description" field.
 func DescriptionLT(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLT(FieldDescription, v))
 }
 // DescriptionLTE applies the LTE predicate on the "description" field.
 func DescriptionLTE(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldLTE(FieldDescription, v))
 }
 // DescriptionContains applies the Contains predicate on the "description" field.
 func DescriptionContains(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldContains(FieldDescription, v))
 }
 // DescriptionHasPrefix applies the HasPrefix predicate on the "description" field.
 func DescriptionHasPrefix(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldHasPrefix(FieldDescription, v))
 }
 // DescriptionHasSuffix applies the HasSuffix predicate on the "description" field.
 func DescriptionHasSuffix(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldHasSuffix(FieldDescription, v))
 }
 // DescriptionIsNil applies the IsNil predicate on the "description" field.
 func DescriptionIsNil() predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldIsNull(FieldDescription))
 }
 // DescriptionNotNil applies the NotNil predicate on the "description" field.
 func DescriptionNotNil() predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldNotNull(FieldDescription))
 }
 // DescriptionEqualFold applies the EqualFold predicate on the "description" field.
 func DescriptionEqualFold(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldEqualFold(FieldDescription, v))
 }
 // DescriptionContainsFold applies the ContainsFold predicate on the "description" field.
 func DescriptionContainsFold(v string) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.FieldContainsFold(FieldDescription, v))
 }
 // And groups predicates with the AND operator between them.
 func And(predicates ...predicate.ErrorPassthroughRule) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.AndPredicates(predicates...))
 }
 // Or groups predicates with the OR operator between them.
 func Or(predicates ...predicate.ErrorPassthroughRule) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.OrPredicates(predicates...))
 }
 // Not applies the not operator on the given predicate.
 func Not(p predicate.ErrorPassthroughRule) predicate.ErrorPassthroughRule {
 	return predicate.ErrorPassthroughRule(sql.NotPredicates(p))
 }
--- a/backend/ent/errorpassthroughrule_create.go
+++ b/backend/ent/errorpassthroughrule_create.go
--- a/backend/ent/errorpassthroughrule_delete.go
+++ b/backend/ent/errorpassthroughrule_delete.go
@@ -0,0 +1,88 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"context"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/errorpassthroughrule"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 )
 // ErrorPassthroughRuleDelete is the builder for deleting a ErrorPassthroughRule entity.
 type ErrorPassthroughRuleDelete struct {
 	config
 	hooks    []Hook
 	mutation *ErrorPassthroughRuleMutation
 }
 // Where appends a list predicates to the ErrorPassthroughRuleDelete builder.
 func (_d *ErrorPassthroughRuleDelete) Where(ps ...predicate.ErrorPassthroughRule) *ErrorPassthroughRuleDelete {
 	_d.mutation.Where(ps...)
 	return _d
 }
 // Exec executes the deletion query and returns how many vertices were deleted.
 func (_d *ErrorPassthroughRuleDelete) Exec(ctx context.Context) (int, error) {
 	return withHooks(ctx, _d.sqlExec, _d.mutation, _d.hooks)
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_d *ErrorPassthroughRuleDelete) ExecX(ctx context.Context) int {
 	n, err := _d.Exec(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return n
 }
 func (_d *ErrorPassthroughRuleDelete) sqlExec(ctx context.Context) (int, error) {
 	_spec := sqlgraph.NewDeleteSpec(errorpassthroughrule.Table, sqlgraph.NewFieldSpec(errorpassthroughrule.FieldID, field.TypeInt64))
 	if ps := _d.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	affected, err := sqlgraph.DeleteNodes(ctx, _d.driver, _spec)
 	if err != nil && sqlgraph.IsConstraintError(err) {
 		err = &ConstraintError{msg: err.Error(), wrap: err}
 	}
 	_d.mutation.done = true
 	return affected, err
 }
 // ErrorPassthroughRuleDeleteOne is the builder for deleting a single ErrorPassthroughRule entity.
 type ErrorPassthroughRuleDeleteOne struct {
 	_d *ErrorPassthroughRuleDelete
 }
 // Where appends a list predicates to the ErrorPassthroughRuleDelete builder.
 func (_d *ErrorPassthroughRuleDeleteOne) Where(ps ...predicate.ErrorPassthroughRule) *ErrorPassthroughRuleDeleteOne {
 	_d._d.mutation.Where(ps...)
 	return _d
 }
 // Exec executes the deletion query.
 func (_d *ErrorPassthroughRuleDeleteOne) Exec(ctx context.Context) error {
 	n, err := _d._d.Exec(ctx)
 	switch {
 	case err != nil:
 		return err
 	case n == 0:
 		return &NotFoundError{errorpassthroughrule.Label}
 	default:
 		return nil
 	}
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_d *ErrorPassthroughRuleDeleteOne) ExecX(ctx context.Context) {
 	if err := _d.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
--- a/backend/ent/errorpassthroughrule_query.go
+++ b/backend/ent/errorpassthroughrule_query.go
@@ -0,0 +1,564 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"context"
 	"fmt"
 	"math"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/errorpassthroughrule"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 )
 // ErrorPassthroughRuleQuery is the builder for querying ErrorPassthroughRule entities.
 type ErrorPassthroughRuleQuery struct {
 	config
 	ctx        *QueryContext
 	order      []errorpassthroughrule.OrderOption
 	inters     []Interceptor
 	predicates []predicate.ErrorPassthroughRule
 	modifiers  []func(*sql.Selector)
 	// intermediate query (i.e. traversal path).
 	sql  *sql.Selector
 	path func(context.Context) (*sql.Selector, error)
 }
 // Where adds a new predicate for the ErrorPassthroughRuleQuery builder.
 func (_q *ErrorPassthroughRuleQuery) Where(ps ...predicate.ErrorPassthroughRule) *ErrorPassthroughRuleQuery {
 	_q.predicates = append(_q.predicates, ps...)
 	return _q
 }
 // Limit the number of records to be returned by this query.
 func (_q *ErrorPassthroughRuleQuery) Limit(limit int) *ErrorPassthroughRuleQuery {
 	_q.ctx.Limit = &limit
 	return _q
 }
 // Offset to start from.
 func (_q *ErrorPassthroughRuleQuery) Offset(offset int) *ErrorPassthroughRuleQuery {
 	_q.ctx.Offset = &offset
 	return _q
 }
 // Unique configures the query builder to filter duplicate records on query.
 // By default, unique is set to true, and can be disabled using this method.
 func (_q *ErrorPassthroughRuleQuery) Unique(unique bool) *ErrorPassthroughRuleQuery {
 	_q.ctx.Unique = &unique
 	return _q
 }
 // Order specifies how the records should be ordered.
 func (_q *ErrorPassthroughRuleQuery) Order(o ...errorpassthroughrule.OrderOption) *ErrorPassthroughRuleQuery {
 	_q.order = append(_q.order, o...)
 	return _q
 }
 // First returns the first ErrorPassthroughRule entity from the query.
 // Returns a *NotFoundError when no ErrorPassthroughRule was found.
 func (_q *ErrorPassthroughRuleQuery) First(ctx context.Context) (*ErrorPassthroughRule, error) {
 	nodes, err := _q.Limit(1).All(setContextOp(ctx, _q.ctx, ent.OpQueryFirst))
 	if err != nil {
 		return nil, err
 	}
 	if len(nodes) == 0 {
 		return nil, &NotFoundError{errorpassthroughrule.Label}
 	}
 	return nodes[0], nil
 }
 // FirstX is like First, but panics if an error occurs.
 func (_q *ErrorPassthroughRuleQuery) FirstX(ctx context.Context) *ErrorPassthroughRule {
 	node, err := _q.First(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
 	return node
 }
 // FirstID returns the first ErrorPassthroughRule ID from the query.
 // Returns a *NotFoundError when no ErrorPassthroughRule ID was found.
 func (_q *ErrorPassthroughRuleQuery) FirstID(ctx context.Context) (id int64, err error) {
 	var ids []int64
 	if ids, err = _q.Limit(1).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryFirstID)); err != nil {
 		return
 	}
 	if len(ids) == 0 {
 		err = &NotFoundError{errorpassthroughrule.Label}
 		return
 	}
 	return ids[0], nil
 }
 // FirstIDX is like FirstID, but panics if an error occurs.
 func (_q *ErrorPassthroughRuleQuery) FirstIDX(ctx context.Context) int64 {
 	id, err := _q.FirstID(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
 	return id
 }
 // Only returns a single ErrorPassthroughRule entity found by the query, ensuring it only returns one.
 // Returns a *NotSingularError when more than one ErrorPassthroughRule entity is found.
 // Returns a *NotFoundError when no ErrorPassthroughRule entities are found.
 func (_q *ErrorPassthroughRuleQuery) Only(ctx context.Context) (*ErrorPassthroughRule, error) {
 	nodes, err := _q.Limit(2).All(setContextOp(ctx, _q.ctx, ent.OpQueryOnly))
 	if err != nil {
 		return nil, err
 	}
 	switch len(nodes) {
 	case 1:
 		return nodes[0], nil
 	case 0:
 		return nil, &NotFoundError{errorpassthroughrule.Label}
 	default:
 		return nil, &NotSingularError{errorpassthroughrule.Label}
 	}
 }
 // OnlyX is like Only, but panics if an error occurs.
 func (_q *ErrorPassthroughRuleQuery) OnlyX(ctx context.Context) *ErrorPassthroughRule {
 	node, err := _q.Only(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return node
 }
 // OnlyID is like Only, but returns the only ErrorPassthroughRule ID in the query.
 // Returns a *NotSingularError when more than one ErrorPassthroughRule ID is found.
 // Returns a *NotFoundError when no entities are found.
 func (_q *ErrorPassthroughRuleQuery) OnlyID(ctx context.Context) (id int64, err error) {
 	var ids []int64
 	if ids, err = _q.Limit(2).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryOnlyID)); err != nil {
 		return
 	}
 	switch len(ids) {
 	case 1:
 		id = ids[0]
 	case 0:
 		err = &NotFoundError{errorpassthroughrule.Label}
 	default:
 		err = &NotSingularError{errorpassthroughrule.Label}
 	}
 	return
 }
 // OnlyIDX is like OnlyID, but panics if an error occurs.
 func (_q *ErrorPassthroughRuleQuery) OnlyIDX(ctx context.Context) int64 {
 	id, err := _q.OnlyID(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return id
 }
 // All executes the query and returns a list of ErrorPassthroughRules.
 func (_q *ErrorPassthroughRuleQuery) All(ctx context.Context) ([]*ErrorPassthroughRule, error) {
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryAll)
 	if err := _q.prepareQuery(ctx); err != nil {
 		return nil, err
 	}
 	qr := querierAll[[]*ErrorPassthroughRule, *ErrorPassthroughRuleQuery]()
 	return withInterceptors[[]*ErrorPassthroughRule](ctx, _q, qr, _q.inters)
 }
 // AllX is like All, but panics if an error occurs.
 func (_q *ErrorPassthroughRuleQuery) AllX(ctx context.Context) []*ErrorPassthroughRule {
 	nodes, err := _q.All(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return nodes
 }
 // IDs executes the query and returns a list of ErrorPassthroughRule IDs.
 func (_q *ErrorPassthroughRuleQuery) IDs(ctx context.Context) (ids []int64, err error) {
 	if _q.ctx.Unique == nil && _q.path != nil {
 		_q.Unique(true)
 	}
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryIDs)
 	if err = _q.Select(errorpassthroughrule.FieldID).Scan(ctx, &ids); err != nil {
 		return nil, err
 	}
 	return ids, nil
 }
 // IDsX is like IDs, but panics if an error occurs.
 func (_q *ErrorPassthroughRuleQuery) IDsX(ctx context.Context) []int64 {
 	ids, err := _q.IDs(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return ids
 }
 // Count returns the count of the given query.
 func (_q *ErrorPassthroughRuleQuery) Count(ctx context.Context) (int, error) {
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryCount)
 	if err := _q.prepareQuery(ctx); err != nil {
 		return 0, err
 	}
 	return withInterceptors[int](ctx, _q, querierCount[*ErrorPassthroughRuleQuery](), _q.inters)
 }
 // CountX is like Count, but panics if an error occurs.
 func (_q *ErrorPassthroughRuleQuery) CountX(ctx context.Context) int {
 	count, err := _q.Count(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return count
 }
 // Exist returns true if the query has elements in the graph.
 func (_q *ErrorPassthroughRuleQuery) Exist(ctx context.Context) (bool, error) {
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryExist)
 	switch _, err := _q.FirstID(ctx); {
 	case IsNotFound(err):
 		return false, nil
 	case err != nil:
 		return false, fmt.Errorf("ent: check existence: %w", err)
 	default:
 		return true, nil
 	}
 }
 // ExistX is like Exist, but panics if an error occurs.
 func (_q *ErrorPassthroughRuleQuery) ExistX(ctx context.Context) bool {
 	exist, err := _q.Exist(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return exist
 }
 // Clone returns a duplicate of the ErrorPassthroughRuleQuery builder, including all associated steps. It can be
 // used to prepare common query builders and use them differently after the clone is made.
 func (_q *ErrorPassthroughRuleQuery) Clone() *ErrorPassthroughRuleQuery {
 	if _q == nil {
 		return nil
 	}
 	return &ErrorPassthroughRuleQuery{
 		config:     _q.config,
 		ctx:        _q.ctx.Clone(),
 		order:      append([]errorpassthroughrule.OrderOption{}, _q.order...),
 		inters:     append([]Interceptor{}, _q.inters...),
 		predicates: append([]predicate.ErrorPassthroughRule{}, _q.predicates...),
 		// clone intermediate query.
 		sql:  _q.sql.Clone(),
 		path: _q.path,
 	}
 }
 // GroupBy is used to group vertices by one or more fields/columns.
 // It is often used with aggregate functions, like: count, max, mean, min, sum.
 //
 // Example:
 //
 //	var v []struct {
 //		CreatedAt time.Time `json:"created_at,omitempty"`
 //		Count int `json:"count,omitempty"`
 //	}
 //
 //	client.ErrorPassthroughRule.Query().
 //		GroupBy(errorpassthroughrule.FieldCreatedAt).
 //		Aggregate(ent.Count()).
 //		Scan(ctx, &v)
 func (_q *ErrorPassthroughRuleQuery) GroupBy(field string, fields ...string) *ErrorPassthroughRuleGroupBy {
 	_q.ctx.Fields = append([]string{field}, fields...)
 	grbuild := &ErrorPassthroughRuleGroupBy{build: _q}
 	grbuild.flds = &_q.ctx.Fields
 	grbuild.label = errorpassthroughrule.Label
 	grbuild.scan = grbuild.Scan
 	return grbuild
 }
 // Select allows the selection one or more fields/columns for the given query,
 // instead of selecting all fields in the entity.
 //
 // Example:
 //
 //	var v []struct {
 //		CreatedAt time.Time `json:"created_at,omitempty"`
 //	}
 //
 //	client.ErrorPassthroughRule.Query().
 //		Select(errorpassthroughrule.FieldCreatedAt).
 //		Scan(ctx, &v)
 func (_q *ErrorPassthroughRuleQuery) Select(fields ...string) *ErrorPassthroughRuleSelect {
 	_q.ctx.Fields = append(_q.ctx.Fields, fields...)
 	sbuild := &ErrorPassthroughRuleSelect{ErrorPassthroughRuleQuery: _q}
 	sbuild.label = errorpassthroughrule.Label
 	sbuild.flds, sbuild.scan = &_q.ctx.Fields, sbuild.Scan
 	return sbuild
 }
 // Aggregate returns a ErrorPassthroughRuleSelect configured with the given aggregations.
 func (_q *ErrorPassthroughRuleQuery) Aggregate(fns ...AggregateFunc) *ErrorPassthroughRuleSelect {
 	return _q.Select().Aggregate(fns...)
 }
 func (_q *ErrorPassthroughRuleQuery) prepareQuery(ctx context.Context) error {
 	for _, inter := range _q.inters {
 		if inter == nil {
 			return fmt.Errorf("ent: uninitialized interceptor (forgotten import ent/runtime?)")
 		}
 		if trv, ok := inter.(Traverser); ok {
 			if err := trv.Traverse(ctx, _q); err != nil {
 				return err
 			}
 		}
 	}
 	for _, f := range _q.ctx.Fields {
 		if !errorpassthroughrule.ValidColumn(f) {
 			return &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
 		}
 	}
 	if _q.path != nil {
 		prev, err := _q.path(ctx)
 		if err != nil {
 			return err
 		}
 		_q.sql = prev
 	}
 	return nil
 }
 func (_q *ErrorPassthroughRuleQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*ErrorPassthroughRule, error) {
 	var (
 		nodes = []*ErrorPassthroughRule{}
 		_spec = _q.querySpec()
 	)
 	_spec.ScanValues = func(columns []string) ([]any, error) {
 		return (*ErrorPassthroughRule).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []any) error {
 		node := &ErrorPassthroughRule{config: _q.config}
 		nodes = append(nodes, node)
 		return node.assignValues(columns, values)
 	}
 	if len(_q.modifiers) > 0 {
 		_spec.Modifiers = _q.modifiers
 	}
 	for i := range hooks {
 		hooks[i](ctx, _spec)
 	}
 	if err := sqlgraph.QueryNodes(ctx, _q.driver, _spec); err != nil {
 		return nil, err
 	}
 	if len(nodes) == 0 {
 		return nodes, nil
 	}
 	return nodes, nil
 }
 func (_q *ErrorPassthroughRuleQuery) sqlCount(ctx context.Context) (int, error) {
 	_spec := _q.querySpec()
 	if len(_q.modifiers) > 0 {
 		_spec.Modifiers = _q.modifiers
 	}
 	_spec.Node.Columns = _q.ctx.Fields
 	if len(_q.ctx.Fields) > 0 {
 		_spec.Unique = _q.ctx.Unique != nil && *_q.ctx.Unique
 	}
 	return sqlgraph.CountNodes(ctx, _q.driver, _spec)
 }
 func (_q *ErrorPassthroughRuleQuery) querySpec() *sqlgraph.QuerySpec {
 	_spec := sqlgraph.NewQuerySpec(errorpassthroughrule.Table, errorpassthroughrule.Columns, sqlgraph.NewFieldSpec(errorpassthroughrule.FieldID, field.TypeInt64))
 	_spec.From = _q.sql
 	if unique := _q.ctx.Unique; unique != nil {
 		_spec.Unique = *unique
 	} else if _q.path != nil {
 		_spec.Unique = true
 	}
 	if fields := _q.ctx.Fields; len(fields) > 0 {
 		_spec.Node.Columns = make([]string, 0, len(fields))
 		_spec.Node.Columns = append(_spec.Node.Columns, errorpassthroughrule.FieldID)
 		for i := range fields {
 			if fields[i] != errorpassthroughrule.FieldID {
 				_spec.Node.Columns = append(_spec.Node.Columns, fields[i])
 			}
 		}
 	}
 	if ps := _q.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	if limit := _q.ctx.Limit; limit != nil {
 		_spec.Limit = *limit
 	}
 	if offset := _q.ctx.Offset; offset != nil {
 		_spec.Offset = *offset
 	}
 	if ps := _q.order; len(ps) > 0 {
 		_spec.Order = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	return _spec
 }
 func (_q *ErrorPassthroughRuleQuery) sqlQuery(ctx context.Context) *sql.Selector {
 	builder := sql.Dialect(_q.driver.Dialect())
 	t1 := builder.Table(errorpassthroughrule.Table)
 	columns := _q.ctx.Fields
 	if len(columns) == 0 {
 		columns = errorpassthroughrule.Columns
 	}
 	selector := builder.Select(t1.Columns(columns...)...).From(t1)
 	if _q.sql != nil {
 		selector = _q.sql
 		selector.Select(selector.Columns(columns...)...)
 	}
 	if _q.ctx.Unique != nil && *_q.ctx.Unique {
 		selector.Distinct()
 	}
 	for _, m := range _q.modifiers {
 		m(selector)
 	}
 	for _, p := range _q.predicates {
 		p(selector)
 	}
 	for _, p := range _q.order {
 		p(selector)
 	}
 	if offset := _q.ctx.Offset; offset != nil {
 		// limit is mandatory for offset clause. We start
 		// with default value, and override it below if needed.
 		selector.Offset(*offset).Limit(math.MaxInt32)
 	}
 	if limit := _q.ctx.Limit; limit != nil {
 		selector.Limit(*limit)
 	}
 	return selector
 }
 // ForUpdate locks the selected rows against concurrent updates, and prevent them from being
 // updated, deleted or "selected ... for update" by other sessions, until the transaction is
 // either committed or rolled-back.
 func (_q *ErrorPassthroughRuleQuery) ForUpdate(opts ...sql.LockOption) *ErrorPassthroughRuleQuery {
 	if _q.driver.Dialect() == dialect.Postgres {
 		_q.Unique(false)
 	}
 	_q.modifiers = append(_q.modifiers, func(s *sql.Selector) {
 		s.ForUpdate(opts...)
 	})
 	return _q
 }
 // ForShare behaves similarly to ForUpdate, except that it acquires a shared mode lock
 // on any rows that are read. Other sessions can read the rows, but cannot modify them
 // until your transaction commits.
 func (_q *ErrorPassthroughRuleQuery) ForShare(opts ...sql.LockOption) *ErrorPassthroughRuleQuery {
 	if _q.driver.Dialect() == dialect.Postgres {
 		_q.Unique(false)
 	}
 	_q.modifiers = append(_q.modifiers, func(s *sql.Selector) {
 		s.ForShare(opts...)
 	})
 	return _q
 }
 // ErrorPassthroughRuleGroupBy is the group-by builder for ErrorPassthroughRule entities.
 type ErrorPassthroughRuleGroupBy struct {
 	selector
 	build *ErrorPassthroughRuleQuery
 }
 // Aggregate adds the given aggregation functions to the group-by query.
 func (_g *ErrorPassthroughRuleGroupBy) Aggregate(fns ...AggregateFunc) *ErrorPassthroughRuleGroupBy {
 	_g.fns = append(_g.fns, fns...)
 	return _g
 }
 // Scan applies the selector query and scans the result into the given value.
 func (_g *ErrorPassthroughRuleGroupBy) Scan(ctx context.Context, v any) error {
 	ctx = setContextOp(ctx, _g.build.ctx, ent.OpQueryGroupBy)
 	if err := _g.build.prepareQuery(ctx); err != nil {
 		return err
 	}
 	return scanWithInterceptors[*ErrorPassthroughRuleQuery, *ErrorPassthroughRuleGroupBy](ctx, _g.build, _g, _g.build.inters, v)
 }
 func (_g *ErrorPassthroughRuleGroupBy) sqlScan(ctx context.Context, root *ErrorPassthroughRuleQuery, v any) error {
 	selector := root.sqlQuery(ctx).Select()
 	aggregation := make([]string, 0, len(_g.fns))
 	for _, fn := range _g.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
 	if len(selector.SelectedColumns()) == 0 {
 		columns := make([]string, 0, len(*_g.flds)+len(_g.fns))
 		for _, f := range *_g.flds {
 			columns = append(columns, selector.C(f))
 		}
 		columns = append(columns, aggregation...)
 		selector.Select(columns...)
 	}
 	selector.GroupBy(selector.Columns(*_g.flds...)...)
 	if err := selector.Err(); err != nil {
 		return err
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
 	if err := _g.build.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()
 	return sql.ScanSlice(rows, v)
 }
 // ErrorPassthroughRuleSelect is the builder for selecting fields of ErrorPassthroughRule entities.
 type ErrorPassthroughRuleSelect struct {
 	*ErrorPassthroughRuleQuery
 	selector
 }
 // Aggregate adds the given aggregation functions to the selector query.
 func (_s *ErrorPassthroughRuleSelect) Aggregate(fns ...AggregateFunc) *ErrorPassthroughRuleSelect {
 	_s.fns = append(_s.fns, fns...)
 	return _s
 }
 // Scan applies the selector query and scans the result into the given value.
 func (_s *ErrorPassthroughRuleSelect) Scan(ctx context.Context, v any) error {
 	ctx = setContextOp(ctx, _s.ctx, ent.OpQuerySelect)
 	if err := _s.prepareQuery(ctx); err != nil {
 		return err
 	}
 	return scanWithInterceptors[*ErrorPassthroughRuleQuery, *ErrorPassthroughRuleSelect](ctx, _s.ErrorPassthroughRuleQuery, _s, _s.inters, v)
 }
 func (_s *ErrorPassthroughRuleSelect) sqlScan(ctx context.Context, root *ErrorPassthroughRuleQuery, v any) error {
 	selector := root.sqlQuery(ctx)
 	aggregation := make([]string, 0, len(_s.fns))
 	for _, fn := range _s.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
 	switch n := len(*_s.selector.flds); {
 	case n == 0 && len(aggregation) > 0:
 		selector.Select(aggregation...)
 	case n != 0 && len(aggregation) > 0:
 		selector.AppendSelect(aggregation...)
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
 	if err := _s.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()
 	return sql.ScanSlice(rows, v)
 }
--- a/backend/ent/errorpassthroughrule_update.go
+++ b/backend/ent/errorpassthroughrule_update.go
@@ -0,0 +1,857 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"context"
 	"errors"
 	"fmt"
 	"time"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/dialect/sql/sqljson"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/errorpassthroughrule"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 )
 // ErrorPassthroughRuleUpdate is the builder for updating ErrorPassthroughRule entities.
 type ErrorPassthroughRuleUpdate struct {
 	config
 	hooks    []Hook
 	mutation *ErrorPassthroughRuleMutation
 }
 // Where appends a list predicates to the ErrorPassthroughRuleUpdate builder.
 func (_u *ErrorPassthroughRuleUpdate) Where(ps ...predicate.ErrorPassthroughRule) *ErrorPassthroughRuleUpdate {
 	_u.mutation.Where(ps...)
 	return _u
 }
 // SetUpdatedAt sets the "updated_at" field.
 func (_u *ErrorPassthroughRuleUpdate) SetUpdatedAt(v time.Time) *ErrorPassthroughRuleUpdate {
 	_u.mutation.SetUpdatedAt(v)
 	return _u
 }
 // SetName sets the "name" field.
 func (_u *ErrorPassthroughRuleUpdate) SetName(v string) *ErrorPassthroughRuleUpdate {
 	_u.mutation.SetName(v)
 	return _u
 }
 // SetNillableName sets the "name" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdate) SetNillableName(v *string) *ErrorPassthroughRuleUpdate {
 	if v != nil {
 		_u.SetName(*v)
 	}
 	return _u
 }
 // SetEnabled sets the "enabled" field.
 func (_u *ErrorPassthroughRuleUpdate) SetEnabled(v bool) *ErrorPassthroughRuleUpdate {
 	_u.mutation.SetEnabled(v)
 	return _u
 }
 // SetNillableEnabled sets the "enabled" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdate) SetNillableEnabled(v *bool) *ErrorPassthroughRuleUpdate {
 	if v != nil {
 		_u.SetEnabled(*v)
 	}
 	return _u
 }
 // SetPriority sets the "priority" field.
 func (_u *ErrorPassthroughRuleUpdate) SetPriority(v int) *ErrorPassthroughRuleUpdate {
 	_u.mutation.ResetPriority()
 	_u.mutation.SetPriority(v)
 	return _u
 }
 // SetNillablePriority sets the "priority" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdate) SetNillablePriority(v *int) *ErrorPassthroughRuleUpdate {
 	if v != nil {
 		_u.SetPriority(*v)
 	}
 	return _u
 }
 // AddPriority adds value to the "priority" field.
 func (_u *ErrorPassthroughRuleUpdate) AddPriority(v int) *ErrorPassthroughRuleUpdate {
 	_u.mutation.AddPriority(v)
 	return _u
 }
 // SetErrorCodes sets the "error_codes" field.
 func (_u *ErrorPassthroughRuleUpdate) SetErrorCodes(v []int) *ErrorPassthroughRuleUpdate {
 	_u.mutation.SetErrorCodes(v)
 	return _u
 }
 // AppendErrorCodes appends value to the "error_codes" field.
 func (_u *ErrorPassthroughRuleUpdate) AppendErrorCodes(v []int) *ErrorPassthroughRuleUpdate {
 	_u.mutation.AppendErrorCodes(v)
 	return _u
 }
 // ClearErrorCodes clears the value of the "error_codes" field.
 func (_u *ErrorPassthroughRuleUpdate) ClearErrorCodes() *ErrorPassthroughRuleUpdate {
 	_u.mutation.ClearErrorCodes()
 	return _u
 }
 // SetKeywords sets the "keywords" field.
 func (_u *ErrorPassthroughRuleUpdate) SetKeywords(v []string) *ErrorPassthroughRuleUpdate {
 	_u.mutation.SetKeywords(v)
 	return _u
 }
 // AppendKeywords appends value to the "keywords" field.
 func (_u *ErrorPassthroughRuleUpdate) AppendKeywords(v []string) *ErrorPassthroughRuleUpdate {
 	_u.mutation.AppendKeywords(v)
 	return _u
 }
 // ClearKeywords clears the value of the "keywords" field.
 func (_u *ErrorPassthroughRuleUpdate) ClearKeywords() *ErrorPassthroughRuleUpdate {
 	_u.mutation.ClearKeywords()
 	return _u
 }
 // SetMatchMode sets the "match_mode" field.
 func (_u *ErrorPassthroughRuleUpdate) SetMatchMode(v string) *ErrorPassthroughRuleUpdate {
 	_u.mutation.SetMatchMode(v)
 	return _u
 }
 // SetNillableMatchMode sets the "match_mode" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdate) SetNillableMatchMode(v *string) *ErrorPassthroughRuleUpdate {
 	if v != nil {
 		_u.SetMatchMode(*v)
 	}
 	return _u
 }
 // SetPlatforms sets the "platforms" field.
 func (_u *ErrorPassthroughRuleUpdate) SetPlatforms(v []string) *ErrorPassthroughRuleUpdate {
 	_u.mutation.SetPlatforms(v)
 	return _u
 }
 // AppendPlatforms appends value to the "platforms" field.
 func (_u *ErrorPassthroughRuleUpdate) AppendPlatforms(v []string) *ErrorPassthroughRuleUpdate {
 	_u.mutation.AppendPlatforms(v)
 	return _u
 }
 // ClearPlatforms clears the value of the "platforms" field.
 func (_u *ErrorPassthroughRuleUpdate) ClearPlatforms() *ErrorPassthroughRuleUpdate {
 	_u.mutation.ClearPlatforms()
 	return _u
 }
 // SetPassthroughCode sets the "passthrough_code" field.
 func (_u *ErrorPassthroughRuleUpdate) SetPassthroughCode(v bool) *ErrorPassthroughRuleUpdate {
 	_u.mutation.SetPassthroughCode(v)
 	return _u
 }
 // SetNillablePassthroughCode sets the "passthrough_code" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdate) SetNillablePassthroughCode(v *bool) *ErrorPassthroughRuleUpdate {
 	if v != nil {
 		_u.SetPassthroughCode(*v)
 	}
 	return _u
 }
 // SetResponseCode sets the "response_code" field.
 func (_u *ErrorPassthroughRuleUpdate) SetResponseCode(v int) *ErrorPassthroughRuleUpdate {
 	_u.mutation.ResetResponseCode()
 	_u.mutation.SetResponseCode(v)
 	return _u
 }
 // SetNillableResponseCode sets the "response_code" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdate) SetNillableResponseCode(v *int) *ErrorPassthroughRuleUpdate {
 	if v != nil {
 		_u.SetResponseCode(*v)
 	}
 	return _u
 }
 // AddResponseCode adds value to the "response_code" field.
 func (_u *ErrorPassthroughRuleUpdate) AddResponseCode(v int) *ErrorPassthroughRuleUpdate {
 	_u.mutation.AddResponseCode(v)
 	return _u
 }
 // ClearResponseCode clears the value of the "response_code" field.
 func (_u *ErrorPassthroughRuleUpdate) ClearResponseCode() *ErrorPassthroughRuleUpdate {
 	_u.mutation.ClearResponseCode()
 	return _u
 }
 // SetPassthroughBody sets the "passthrough_body" field.
 func (_u *ErrorPassthroughRuleUpdate) SetPassthroughBody(v bool) *ErrorPassthroughRuleUpdate {
 	_u.mutation.SetPassthroughBody(v)
 	return _u
 }
 // SetNillablePassthroughBody sets the "passthrough_body" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdate) SetNillablePassthroughBody(v *bool) *ErrorPassthroughRuleUpdate {
 	if v != nil {
 		_u.SetPassthroughBody(*v)
 	}
 	return _u
 }
 // SetCustomMessage sets the "custom_message" field.
 func (_u *ErrorPassthroughRuleUpdate) SetCustomMessage(v string) *ErrorPassthroughRuleUpdate {
 	_u.mutation.SetCustomMessage(v)
 	return _u
 }
 // SetNillableCustomMessage sets the "custom_message" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdate) SetNillableCustomMessage(v *string) *ErrorPassthroughRuleUpdate {
 	if v != nil {
 		_u.SetCustomMessage(*v)
 	}
 	return _u
 }
 // ClearCustomMessage clears the value of the "custom_message" field.
 func (_u *ErrorPassthroughRuleUpdate) ClearCustomMessage() *ErrorPassthroughRuleUpdate {
 	_u.mutation.ClearCustomMessage()
 	return _u
 }
 // SetSkipMonitoring sets the "skip_monitoring" field.
 func (_u *ErrorPassthroughRuleUpdate) SetSkipMonitoring(v bool) *ErrorPassthroughRuleUpdate {
 	_u.mutation.SetSkipMonitoring(v)
 	return _u
 }
 // SetNillableSkipMonitoring sets the "skip_monitoring" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdate) SetNillableSkipMonitoring(v *bool) *ErrorPassthroughRuleUpdate {
 	if v != nil {
 		_u.SetSkipMonitoring(*v)
 	}
 	return _u
 }
 // SetDescription sets the "description" field.
 func (_u *ErrorPassthroughRuleUpdate) SetDescription(v string) *ErrorPassthroughRuleUpdate {
 	_u.mutation.SetDescription(v)
 	return _u
 }
 // SetNillableDescription sets the "description" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdate) SetNillableDescription(v *string) *ErrorPassthroughRuleUpdate {
 	if v != nil {
 		_u.SetDescription(*v)
 	}
 	return _u
 }
 // ClearDescription clears the value of the "description" field.
 func (_u *ErrorPassthroughRuleUpdate) ClearDescription() *ErrorPassthroughRuleUpdate {
 	_u.mutation.ClearDescription()
 	return _u
 }
 // Mutation returns the ErrorPassthroughRuleMutation object of the builder.
 func (_u *ErrorPassthroughRuleUpdate) Mutation() *ErrorPassthroughRuleMutation {
 	return _u.mutation
 }
 // Save executes the query and returns the number of nodes affected by the update operation.
 func (_u *ErrorPassthroughRuleUpdate) Save(ctx context.Context) (int, error) {
 	_u.defaults()
 	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
 }
 // SaveX is like Save, but panics if an error occurs.
 func (_u *ErrorPassthroughRuleUpdate) SaveX(ctx context.Context) int {
 	affected, err := _u.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return affected
 }
 // Exec executes the query.
 func (_u *ErrorPassthroughRuleUpdate) Exec(ctx context.Context) error {
 	_, err := _u.Save(ctx)
 	return err
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_u *ErrorPassthroughRuleUpdate) ExecX(ctx context.Context) {
 	if err := _u.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 // defaults sets the default values of the builder before save.
 func (_u *ErrorPassthroughRuleUpdate) defaults() {
 	if _, ok := _u.mutation.UpdatedAt(); !ok {
 		v := errorpassthroughrule.UpdateDefaultUpdatedAt()
 		_u.mutation.SetUpdatedAt(v)
 	}
 }
 // check runs all checks and user-defined validators on the builder.
 func (_u *ErrorPassthroughRuleUpdate) check() error {
 	if v, ok := _u.mutation.Name(); ok {
 		if err := errorpassthroughrule.NameValidator(v); err != nil {
 			return &ValidationError{Name: "name", err: fmt.Errorf(`ent: validator failed for field "ErrorPassthroughRule.name": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.MatchMode(); ok {
 		if err := errorpassthroughrule.MatchModeValidator(v); err != nil {
 			return &ValidationError{Name: "match_mode", err: fmt.Errorf(`ent: validator failed for field "ErrorPassthroughRule.match_mode": %w`, err)}
 		}
 	}
 	return nil
 }
 func (_u *ErrorPassthroughRuleUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	if err := _u.check(); err != nil {
 		return _node, err
 	}
 	_spec := sqlgraph.NewUpdateSpec(errorpassthroughrule.Table, errorpassthroughrule.Columns, sqlgraph.NewFieldSpec(errorpassthroughrule.FieldID, field.TypeInt64))
 	if ps := _u.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	if value, ok := _u.mutation.UpdatedAt(); ok {
 		_spec.SetField(errorpassthroughrule.FieldUpdatedAt, field.TypeTime, value)
 	}
 	if value, ok := _u.mutation.Name(); ok {
 		_spec.SetField(errorpassthroughrule.FieldName, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.Enabled(); ok {
 		_spec.SetField(errorpassthroughrule.FieldEnabled, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.Priority(); ok {
 		_spec.SetField(errorpassthroughrule.FieldPriority, field.TypeInt, value)
 	}
 	if value, ok := _u.mutation.AddedPriority(); ok {
 		_spec.AddField(errorpassthroughrule.FieldPriority, field.TypeInt, value)
 	}
 	if value, ok := _u.mutation.ErrorCodes(); ok {
 		_spec.SetField(errorpassthroughrule.FieldErrorCodes, field.TypeJSON, value)
 	}
 	if value, ok := _u.mutation.AppendedErrorCodes(); ok {
 		_spec.AddModifier(func(u *sql.UpdateBuilder) {
 			sqljson.Append(u, errorpassthroughrule.FieldErrorCodes, value)
 		})
 	}
 	if _u.mutation.ErrorCodesCleared() {
 		_spec.ClearField(errorpassthroughrule.FieldErrorCodes, field.TypeJSON)
 	}
 	if value, ok := _u.mutation.Keywords(); ok {
 		_spec.SetField(errorpassthroughrule.FieldKeywords, field.TypeJSON, value)
 	}
 	if value, ok := _u.mutation.AppendedKeywords(); ok {
 		_spec.AddModifier(func(u *sql.UpdateBuilder) {
 			sqljson.Append(u, errorpassthroughrule.FieldKeywords, value)
 		})
 	}
 	if _u.mutation.KeywordsCleared() {
 		_spec.ClearField(errorpassthroughrule.FieldKeywords, field.TypeJSON)
 	}
 	if value, ok := _u.mutation.MatchMode(); ok {
 		_spec.SetField(errorpassthroughrule.FieldMatchMode, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.Platforms(); ok {
 		_spec.SetField(errorpassthroughrule.FieldPlatforms, field.TypeJSON, value)
 	}
 	if value, ok := _u.mutation.AppendedPlatforms(); ok {
 		_spec.AddModifier(func(u *sql.UpdateBuilder) {
 			sqljson.Append(u, errorpassthroughrule.FieldPlatforms, value)
 		})
 	}
 	if _u.mutation.PlatformsCleared() {
 		_spec.ClearField(errorpassthroughrule.FieldPlatforms, field.TypeJSON)
 	}
 	if value, ok := _u.mutation.PassthroughCode(); ok {
 		_spec.SetField(errorpassthroughrule.FieldPassthroughCode, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.ResponseCode(); ok {
 		_spec.SetField(errorpassthroughrule.FieldResponseCode, field.TypeInt, value)
 	}
 	if value, ok := _u.mutation.AddedResponseCode(); ok {
 		_spec.AddField(errorpassthroughrule.FieldResponseCode, field.TypeInt, value)
 	}
 	if _u.mutation.ResponseCodeCleared() {
 		_spec.ClearField(errorpassthroughrule.FieldResponseCode, field.TypeInt)
 	}
 	if value, ok := _u.mutation.PassthroughBody(); ok {
 		_spec.SetField(errorpassthroughrule.FieldPassthroughBody, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.CustomMessage(); ok {
 		_spec.SetField(errorpassthroughrule.FieldCustomMessage, field.TypeString, value)
 	}
 	if _u.mutation.CustomMessageCleared() {
 		_spec.ClearField(errorpassthroughrule.FieldCustomMessage, field.TypeString)
 	}
 	if value, ok := _u.mutation.SkipMonitoring(); ok {
 		_spec.SetField(errorpassthroughrule.FieldSkipMonitoring, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.Description(); ok {
 		_spec.SetField(errorpassthroughrule.FieldDescription, field.TypeString, value)
 	}
 	if _u.mutation.DescriptionCleared() {
 		_spec.ClearField(errorpassthroughrule.FieldDescription, field.TypeString)
 	}
 	if _node, err = sqlgraph.UpdateNodes(ctx, _u.driver, _spec); err != nil {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{errorpassthroughrule.Label}
 		} else if sqlgraph.IsConstraintError(err) {
 			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return 0, err
 	}
 	_u.mutation.done = true
 	return _node, nil
 }
 // ErrorPassthroughRuleUpdateOne is the builder for updating a single ErrorPassthroughRule entity.
 type ErrorPassthroughRuleUpdateOne struct {
 	config
 	fields   []string
 	hooks    []Hook
 	mutation *ErrorPassthroughRuleMutation
 }
 // SetUpdatedAt sets the "updated_at" field.
 func (_u *ErrorPassthroughRuleUpdateOne) SetUpdatedAt(v time.Time) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.SetUpdatedAt(v)
 	return _u
 }
 // SetName sets the "name" field.
 func (_u *ErrorPassthroughRuleUpdateOne) SetName(v string) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.SetName(v)
 	return _u
 }
 // SetNillableName sets the "name" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdateOne) SetNillableName(v *string) *ErrorPassthroughRuleUpdateOne {
 	if v != nil {
 		_u.SetName(*v)
 	}
 	return _u
 }
 // SetEnabled sets the "enabled" field.
 func (_u *ErrorPassthroughRuleUpdateOne) SetEnabled(v bool) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.SetEnabled(v)
 	return _u
 }
 // SetNillableEnabled sets the "enabled" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdateOne) SetNillableEnabled(v *bool) *ErrorPassthroughRuleUpdateOne {
 	if v != nil {
 		_u.SetEnabled(*v)
 	}
 	return _u
 }
 // SetPriority sets the "priority" field.
 func (_u *ErrorPassthroughRuleUpdateOne) SetPriority(v int) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.ResetPriority()
 	_u.mutation.SetPriority(v)
 	return _u
 }
 // SetNillablePriority sets the "priority" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdateOne) SetNillablePriority(v *int) *ErrorPassthroughRuleUpdateOne {
 	if v != nil {
 		_u.SetPriority(*v)
 	}
 	return _u
 }
 // AddPriority adds value to the "priority" field.
 func (_u *ErrorPassthroughRuleUpdateOne) AddPriority(v int) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.AddPriority(v)
 	return _u
 }
 // SetErrorCodes sets the "error_codes" field.
 func (_u *ErrorPassthroughRuleUpdateOne) SetErrorCodes(v []int) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.SetErrorCodes(v)
 	return _u
 }
 // AppendErrorCodes appends value to the "error_codes" field.
 func (_u *ErrorPassthroughRuleUpdateOne) AppendErrorCodes(v []int) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.AppendErrorCodes(v)
 	return _u
 }
 // ClearErrorCodes clears the value of the "error_codes" field.
 func (_u *ErrorPassthroughRuleUpdateOne) ClearErrorCodes() *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.ClearErrorCodes()
 	return _u
 }
 // SetKeywords sets the "keywords" field.
 func (_u *ErrorPassthroughRuleUpdateOne) SetKeywords(v []string) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.SetKeywords(v)
 	return _u
 }
 // AppendKeywords appends value to the "keywords" field.
 func (_u *ErrorPassthroughRuleUpdateOne) AppendKeywords(v []string) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.AppendKeywords(v)
 	return _u
 }
 // ClearKeywords clears the value of the "keywords" field.
 func (_u *ErrorPassthroughRuleUpdateOne) ClearKeywords() *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.ClearKeywords()
 	return _u
 }
 // SetMatchMode sets the "match_mode" field.
 func (_u *ErrorPassthroughRuleUpdateOne) SetMatchMode(v string) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.SetMatchMode(v)
 	return _u
 }
 // SetNillableMatchMode sets the "match_mode" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdateOne) SetNillableMatchMode(v *string) *ErrorPassthroughRuleUpdateOne {
 	if v != nil {
 		_u.SetMatchMode(*v)
 	}
 	return _u
 }
 // SetPlatforms sets the "platforms" field.
 func (_u *ErrorPassthroughRuleUpdateOne) SetPlatforms(v []string) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.SetPlatforms(v)
 	return _u
 }
 // AppendPlatforms appends value to the "platforms" field.
 func (_u *ErrorPassthroughRuleUpdateOne) AppendPlatforms(v []string) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.AppendPlatforms(v)
 	return _u
 }
 // ClearPlatforms clears the value of the "platforms" field.
 func (_u *ErrorPassthroughRuleUpdateOne) ClearPlatforms() *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.ClearPlatforms()
 	return _u
 }
 // SetPassthroughCode sets the "passthrough_code" field.
 func (_u *ErrorPassthroughRuleUpdateOne) SetPassthroughCode(v bool) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.SetPassthroughCode(v)
 	return _u
 }
 // SetNillablePassthroughCode sets the "passthrough_code" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdateOne) SetNillablePassthroughCode(v *bool) *ErrorPassthroughRuleUpdateOne {
 	if v != nil {
 		_u.SetPassthroughCode(*v)
 	}
 	return _u
 }
 // SetResponseCode sets the "response_code" field.
 func (_u *ErrorPassthroughRuleUpdateOne) SetResponseCode(v int) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.ResetResponseCode()
 	_u.mutation.SetResponseCode(v)
 	return _u
 }
 // SetNillableResponseCode sets the "response_code" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdateOne) SetNillableResponseCode(v *int) *ErrorPassthroughRuleUpdateOne {
 	if v != nil {
 		_u.SetResponseCode(*v)
 	}
 	return _u
 }
 // AddResponseCode adds value to the "response_code" field.
 func (_u *ErrorPassthroughRuleUpdateOne) AddResponseCode(v int) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.AddResponseCode(v)
 	return _u
 }
 // ClearResponseCode clears the value of the "response_code" field.
 func (_u *ErrorPassthroughRuleUpdateOne) ClearResponseCode() *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.ClearResponseCode()
 	return _u
 }
 // SetPassthroughBody sets the "passthrough_body" field.
 func (_u *ErrorPassthroughRuleUpdateOne) SetPassthroughBody(v bool) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.SetPassthroughBody(v)
 	return _u
 }
 // SetNillablePassthroughBody sets the "passthrough_body" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdateOne) SetNillablePassthroughBody(v *bool) *ErrorPassthroughRuleUpdateOne {
 	if v != nil {
 		_u.SetPassthroughBody(*v)
 	}
 	return _u
 }
 // SetCustomMessage sets the "custom_message" field.
 func (_u *ErrorPassthroughRuleUpdateOne) SetCustomMessage(v string) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.SetCustomMessage(v)
 	return _u
 }
 // SetNillableCustomMessage sets the "custom_message" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdateOne) SetNillableCustomMessage(v *string) *ErrorPassthroughRuleUpdateOne {
 	if v != nil {
 		_u.SetCustomMessage(*v)
 	}
 	return _u
 }
 // ClearCustomMessage clears the value of the "custom_message" field.
 func (_u *ErrorPassthroughRuleUpdateOne) ClearCustomMessage() *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.ClearCustomMessage()
 	return _u
 }
 // SetSkipMonitoring sets the "skip_monitoring" field.
 func (_u *ErrorPassthroughRuleUpdateOne) SetSkipMonitoring(v bool) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.SetSkipMonitoring(v)
 	return _u
 }
 // SetNillableSkipMonitoring sets the "skip_monitoring" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdateOne) SetNillableSkipMonitoring(v *bool) *ErrorPassthroughRuleUpdateOne {
 	if v != nil {
 		_u.SetSkipMonitoring(*v)
 	}
 	return _u
 }
 // SetDescription sets the "description" field.
 func (_u *ErrorPassthroughRuleUpdateOne) SetDescription(v string) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.SetDescription(v)
 	return _u
 }
 // SetNillableDescription sets the "description" field if the given value is not nil.
 func (_u *ErrorPassthroughRuleUpdateOne) SetNillableDescription(v *string) *ErrorPassthroughRuleUpdateOne {
 	if v != nil {
 		_u.SetDescription(*v)
 	}
 	return _u
 }
 // ClearDescription clears the value of the "description" field.
 func (_u *ErrorPassthroughRuleUpdateOne) ClearDescription() *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.ClearDescription()
 	return _u
 }
 // Mutation returns the ErrorPassthroughRuleMutation object of the builder.
 func (_u *ErrorPassthroughRuleUpdateOne) Mutation() *ErrorPassthroughRuleMutation {
 	return _u.mutation
 }
 // Where appends a list predicates to the ErrorPassthroughRuleUpdate builder.
 func (_u *ErrorPassthroughRuleUpdateOne) Where(ps ...predicate.ErrorPassthroughRule) *ErrorPassthroughRuleUpdateOne {
 	_u.mutation.Where(ps...)
 	return _u
 }
 // Select allows selecting one or more fields (columns) of the returned entity.
 // The default is selecting all fields defined in the entity schema.
 func (_u *ErrorPassthroughRuleUpdateOne) Select(field string, fields ...string) *ErrorPassthroughRuleUpdateOne {
 	_u.fields = append([]string{field}, fields...)
 	return _u
 }
 // Save executes the query and returns the updated ErrorPassthroughRule entity.
 func (_u *ErrorPassthroughRuleUpdateOne) Save(ctx context.Context) (*ErrorPassthroughRule, error) {
 	_u.defaults()
 	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
 }
 // SaveX is like Save, but panics if an error occurs.
 func (_u *ErrorPassthroughRuleUpdateOne) SaveX(ctx context.Context) *ErrorPassthroughRule {
 	node, err := _u.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return node
 }
 // Exec executes the query on the entity.
 func (_u *ErrorPassthroughRuleUpdateOne) Exec(ctx context.Context) error {
 	_, err := _u.Save(ctx)
 	return err
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_u *ErrorPassthroughRuleUpdateOne) ExecX(ctx context.Context) {
 	if err := _u.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 // defaults sets the default values of the builder before save.
 func (_u *ErrorPassthroughRuleUpdateOne) defaults() {
 	if _, ok := _u.mutation.UpdatedAt(); !ok {
 		v := errorpassthroughrule.UpdateDefaultUpdatedAt()
 		_u.mutation.SetUpdatedAt(v)
 	}
 }
 // check runs all checks and user-defined validators on the builder.
 func (_u *ErrorPassthroughRuleUpdateOne) check() error {
 	if v, ok := _u.mutation.Name(); ok {
 		if err := errorpassthroughrule.NameValidator(v); err != nil {
 			return &ValidationError{Name: "name", err: fmt.Errorf(`ent: validator failed for field "ErrorPassthroughRule.name": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.MatchMode(); ok {
 		if err := errorpassthroughrule.MatchModeValidator(v); err != nil {
 			return &ValidationError{Name: "match_mode", err: fmt.Errorf(`ent: validator failed for field "ErrorPassthroughRule.match_mode": %w`, err)}
 		}
 	}
 	return nil
 }
 func (_u *ErrorPassthroughRuleUpdateOne) sqlSave(ctx context.Context) (_node *ErrorPassthroughRule, err error) {
 	if err := _u.check(); err != nil {
 		return _node, err
 	}
 	_spec := sqlgraph.NewUpdateSpec(errorpassthroughrule.Table, errorpassthroughrule.Columns, sqlgraph.NewFieldSpec(errorpassthroughrule.FieldID, field.TypeInt64))
 	id, ok := _u.mutation.ID()
 	if !ok {
 		return nil, &ValidationError{Name: "id", err: errors.New(`ent: missing "ErrorPassthroughRule.id" for update`)}
 	}
 	_spec.Node.ID.Value = id
 	if fields := _u.fields; len(fields) > 0 {
 		_spec.Node.Columns = make([]string, 0, len(fields))
 		_spec.Node.Columns = append(_spec.Node.Columns, errorpassthroughrule.FieldID)
 		for _, f := range fields {
 			if !errorpassthroughrule.ValidColumn(f) {
 				return nil, &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
 			}
 			if f != errorpassthroughrule.FieldID {
 				_spec.Node.Columns = append(_spec.Node.Columns, f)
 			}
 		}
 	}
 	if ps := _u.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	if value, ok := _u.mutation.UpdatedAt(); ok {
 		_spec.SetField(errorpassthroughrule.FieldUpdatedAt, field.TypeTime, value)
 	}
 	if value, ok := _u.mutation.Name(); ok {
 		_spec.SetField(errorpassthroughrule.FieldName, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.Enabled(); ok {
 		_spec.SetField(errorpassthroughrule.FieldEnabled, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.Priority(); ok {
 		_spec.SetField(errorpassthroughrule.FieldPriority, field.TypeInt, value)
 	}
 	if value, ok := _u.mutation.AddedPriority(); ok {
 		_spec.AddField(errorpassthroughrule.FieldPriority, field.TypeInt, value)
 	}
 	if value, ok := _u.mutation.ErrorCodes(); ok {
 		_spec.SetField(errorpassthroughrule.FieldErrorCodes, field.TypeJSON, value)
 	}
 	if value, ok := _u.mutation.AppendedErrorCodes(); ok {
 		_spec.AddModifier(func(u *sql.UpdateBuilder) {
 			sqljson.Append(u, errorpassthroughrule.FieldErrorCodes, value)
 		})
 	}
 	if _u.mutation.ErrorCodesCleared() {
 		_spec.ClearField(errorpassthroughrule.FieldErrorCodes, field.TypeJSON)
 	}
 	if value, ok := _u.mutation.Keywords(); ok {
 		_spec.SetField(errorpassthroughrule.FieldKeywords, field.TypeJSON, value)
 	}
 	if value, ok := _u.mutation.AppendedKeywords(); ok {
 		_spec.AddModifier(func(u *sql.UpdateBuilder) {
 			sqljson.Append(u, errorpassthroughrule.FieldKeywords, value)
 		})
 	}
 	if _u.mutation.KeywordsCleared() {
 		_spec.ClearField(errorpassthroughrule.FieldKeywords, field.TypeJSON)
 	}
 	if value, ok := _u.mutation.MatchMode(); ok {
 		_spec.SetField(errorpassthroughrule.FieldMatchMode, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.Platforms(); ok {
 		_spec.SetField(errorpassthroughrule.FieldPlatforms, field.TypeJSON, value)
 	}
 	if value, ok := _u.mutation.AppendedPlatforms(); ok {
 		_spec.AddModifier(func(u *sql.UpdateBuilder) {
 			sqljson.Append(u, errorpassthroughrule.FieldPlatforms, value)
 		})
 	}
 	if _u.mutation.PlatformsCleared() {
 		_spec.ClearField(errorpassthroughrule.FieldPlatforms, field.TypeJSON)
 	}
 	if value, ok := _u.mutation.PassthroughCode(); ok {
 		_spec.SetField(errorpassthroughrule.FieldPassthroughCode, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.ResponseCode(); ok {
 		_spec.SetField(errorpassthroughrule.FieldResponseCode, field.TypeInt, value)
 	}
 	if value, ok := _u.mutation.AddedResponseCode(); ok {
 		_spec.AddField(errorpassthroughrule.FieldResponseCode, field.TypeInt, value)
 	}
 	if _u.mutation.ResponseCodeCleared() {
 		_spec.ClearField(errorpassthroughrule.FieldResponseCode, field.TypeInt)
 	}
 	if value, ok := _u.mutation.PassthroughBody(); ok {
 		_spec.SetField(errorpassthroughrule.FieldPassthroughBody, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.CustomMessage(); ok {
 		_spec.SetField(errorpassthroughrule.FieldCustomMessage, field.TypeString, value)
 	}
 	if _u.mutation.CustomMessageCleared() {
 		_spec.ClearField(errorpassthroughrule.FieldCustomMessage, field.TypeString)
 	}
 	if value, ok := _u.mutation.SkipMonitoring(); ok {
 		_spec.SetField(errorpassthroughrule.FieldSkipMonitoring, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.Description(); ok {
 		_spec.SetField(errorpassthroughrule.FieldDescription, field.TypeString, value)
 	}
 	if _u.mutation.DescriptionCleared() {
 		_spec.ClearField(errorpassthroughrule.FieldDescription, field.TypeString)
 	}
 	_node = &ErrorPassthroughRule{config: _u.config}
 	_spec.Assign = _node.assignValues
 	_spec.ScanValues = _node.scanValues
 	if err = sqlgraph.UpdateNode(ctx, _u.driver, _spec); err != nil {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{errorpassthroughrule.Label}
 		} else if sqlgraph.IsConstraintError(err) {
 			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
 	_u.mutation.done = true
 	return _node, nil
 }
--- a/backend/ent/group.go
+++ b/backend/ent/group.go
@@ -52,14 +52,30 @@ type Group struct {
 	ImagePrice2k *float64 `json:"image_price_2k,omitempty"`
 	// ImagePrice4k holds the value of the "image_price_4k" field.
 	ImagePrice4k *float64 `json:"image_price_4k,omitempty"`
 	// SoraImagePrice360 holds the value of the "sora_image_price_360" field.
 	SoraImagePrice360 *float64 `json:"sora_image_price_360,omitempty"`
 	// SoraImagePrice540 holds the value of the "sora_image_price_540" field.
 	SoraImagePrice540 *float64 `json:"sora_image_price_540,omitempty"`
 	// SoraVideoPricePerRequest holds the value of the "sora_video_price_per_request" field.
 	SoraVideoPricePerRequest *float64 `json:"sora_video_price_per_request,omitempty"`
 	// SoraVideoPricePerRequestHd holds the value of the "sora_video_price_per_request_hd" field.
 	SoraVideoPricePerRequestHd *float64 `json:"sora_video_price_per_request_hd,omitempty"`
 	// 是否仅允许 Claude Code 客户端
 	ClaudeCodeOnly bool `json:"claude_code_only,omitempty"`
 	// 非 Claude Code 请求降级使用的分组 ID
 	FallbackGroupID *int64 `json:"fallback_group_id,omitempty"`
 	// 无效请求兜底使用的分组 ID
 	FallbackGroupIDOnInvalidRequest *int64 `json:"fallback_group_id_on_invalid_request,omitempty"`
 	// 模型路由配置：模型模式 -> 优先账号ID列表
 	ModelRouting map[string][]int64 `json:"model_routing,omitempty"`
 	// 是否启用模型路由配置
 	ModelRoutingEnabled bool `json:"model_routing_enabled,omitempty"`
 	// 是否注入 MCP XML 调用协议提示词（仅 antigravity 平台）
 	McpXMLInject bool `json:"mcp_xml_inject,omitempty"`
 	// 支持的模型系列：claude, gemini_text, gemini_image
 	SupportedModelScopes []string `json:"supported_model_scopes,omitempty"`
 	// 分组显示排序，数值越小越靠前
 	SortOrder int `json:"sort_order,omitempty"`
 	// Edges holds the relations/edges for other nodes in the graph.
 	// The values are being populated by the GroupQuery when eager-loading is set.
 	Edges        GroupEdges `json:"edges"`
@@ -166,13 +182,13 @@ func (*Group) scanValues(columns []string) ([]any, error) {
 	values := make([]any, len(columns))
 	for i := range columns {
 		switch columns[i] {
-		case group.FieldModelRouting:
+		case group.FieldModelRouting, group.FieldSupportedModelScopes:
 			values[i] = new([]byte)
-		case group.FieldIsExclusive, group.FieldClaudeCodeOnly, group.FieldModelRoutingEnabled:
+		case group.FieldIsExclusive, group.FieldClaudeCodeOnly, group.FieldModelRoutingEnabled, group.FieldMcpXMLInject:
 			values[i] = new(sql.NullBool)
-		case group.FieldRateMultiplier, group.FieldDailyLimitUsd, group.FieldWeeklyLimitUsd, group.FieldMonthlyLimitUsd, group.FieldImagePrice1k, group.FieldImagePrice2k, group.FieldImagePrice4k:
+		case group.FieldRateMultiplier, group.FieldDailyLimitUsd, group.FieldWeeklyLimitUsd, group.FieldMonthlyLimitUsd, group.FieldImagePrice1k, group.FieldImagePrice2k, group.FieldImagePrice4k, group.FieldSoraImagePrice360, group.FieldSoraImagePrice540, group.FieldSoraVideoPricePerRequest, group.FieldSoraVideoPricePerRequestHd:
 			values[i] = new(sql.NullFloat64)
-		case group.FieldID, group.FieldDefaultValidityDays, group.FieldFallbackGroupID:
+		case group.FieldID, group.FieldDefaultValidityDays, group.FieldFallbackGroupID, group.FieldFallbackGroupIDOnInvalidRequest, group.FieldSortOrder:
 			values[i] = new(sql.NullInt64)
 		case group.FieldName, group.FieldDescription, group.FieldStatus, group.FieldPlatform, group.FieldSubscriptionType:
 			values[i] = new(sql.NullString)
@@ -309,6 +325,34 @@ func (_m *Group) assignValues(columns []string, values []any) error {
 				_m.ImagePrice4k = new(float64)
 				*_m.ImagePrice4k = value.Float64
 			}
 		case group.FieldSoraImagePrice360:
 			if value, ok := values[i].(*sql.NullFloat64); !ok {
 				return fmt.Errorf("unexpected type %T for field sora_image_price_360", values[i])
 			} else if value.Valid {
 				_m.SoraImagePrice360 = new(float64)
 				*_m.SoraImagePrice360 = value.Float64
 			}
 		case group.FieldSoraImagePrice540:
 			if value, ok := values[i].(*sql.NullFloat64); !ok {
 				return fmt.Errorf("unexpected type %T for field sora_image_price_540", values[i])
 			} else if value.Valid {
 				_m.SoraImagePrice540 = new(float64)
 				*_m.SoraImagePrice540 = value.Float64
 			}
 		case group.FieldSoraVideoPricePerRequest:
 			if value, ok := values[i].(*sql.NullFloat64); !ok {
 				return fmt.Errorf("unexpected type %T for field sora_video_price_per_request", values[i])
 			} else if value.Valid {
 				_m.SoraVideoPricePerRequest = new(float64)
 				*_m.SoraVideoPricePerRequest = value.Float64
 			}
 		case group.FieldSoraVideoPricePerRequestHd:
 			if value, ok := values[i].(*sql.NullFloat64); !ok {
 				return fmt.Errorf("unexpected type %T for field sora_video_price_per_request_hd", values[i])
 			} else if value.Valid {
 				_m.SoraVideoPricePerRequestHd = new(float64)
 				*_m.SoraVideoPricePerRequestHd = value.Float64
 			}
 		case group.FieldClaudeCodeOnly:
 			if value, ok := values[i].(*sql.NullBool); !ok {
 				return fmt.Errorf("unexpected type %T for field claude_code_only", values[i])
@@ -322,6 +366,13 @@ func (_m *Group) assignValues(columns []string, values []any) error {
 				_m.FallbackGroupID = new(int64)
 				*_m.FallbackGroupID = value.Int64
 			}
 		case group.FieldFallbackGroupIDOnInvalidRequest:
 			if value, ok := values[i].(*sql.NullInt64); !ok {
 				return fmt.Errorf("unexpected type %T for field fallback_group_id_on_invalid_request", values[i])
 			} else if value.Valid {
 				_m.FallbackGroupIDOnInvalidRequest = new(int64)
 				*_m.FallbackGroupIDOnInvalidRequest = value.Int64
 			}
 		case group.FieldModelRouting:
 			if value, ok := values[i].(*[]byte); !ok {
 				return fmt.Errorf("unexpected type %T for field model_routing", values[i])
@@ -336,6 +387,26 @@ func (_m *Group) assignValues(columns []string, values []any) error {
 			} else if value.Valid {
 				_m.ModelRoutingEnabled = value.Bool
 			}
 		case group.FieldMcpXMLInject:
 			if value, ok := values[i].(*sql.NullBool); !ok {
 				return fmt.Errorf("unexpected type %T for field mcp_xml_inject", values[i])
 			} else if value.Valid {
 				_m.McpXMLInject = value.Bool
 			}
 		case group.FieldSupportedModelScopes:
 			if value, ok := values[i].(*[]byte); !ok {
 				return fmt.Errorf("unexpected type %T for field supported_model_scopes", values[i])
 			} else if value != nil && len(*value) > 0 {
 				if err := json.Unmarshal(*value, &_m.SupportedModelScopes); err != nil {
 					return fmt.Errorf("unmarshal field supported_model_scopes: %w", err)
 				}
 			}
 		case group.FieldSortOrder:
 			if value, ok := values[i].(*sql.NullInt64); !ok {
 				return fmt.Errorf("unexpected type %T for field sort_order", values[i])
 			} else if value.Valid {
 				_m.SortOrder = int(value.Int64)
 			}
 		default:
 			_m.selectValues.Set(columns[i], values[i])
 		}
@@ -479,6 +550,26 @@ func (_m *Group) String() string {
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	if v := _m.SoraImagePrice360; v != nil {
 		builder.WriteString("sora_image_price_360=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	if v := _m.SoraImagePrice540; v != nil {
 		builder.WriteString("sora_image_price_540=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	if v := _m.SoraVideoPricePerRequest; v != nil {
 		builder.WriteString("sora_video_price_per_request=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	if v := _m.SoraVideoPricePerRequestHd; v != nil {
 		builder.WriteString("sora_video_price_per_request_hd=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	builder.WriteString("claude_code_only=")
 	builder.WriteString(fmt.Sprintf("%v", _m.ClaudeCodeOnly))
 	builder.WriteString(", ")
@@ -487,11 +578,25 @@ func (_m *Group) String() string {
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	if v := _m.FallbackGroupIDOnInvalidRequest; v != nil {
 		builder.WriteString("fallback_group_id_on_invalid_request=")
 		builder.WriteString(fmt.Sprintf("%v", *v))
 	}
 	builder.WriteString(", ")
 	builder.WriteString("model_routing=")
 	builder.WriteString(fmt.Sprintf("%v", _m.ModelRouting))
 	builder.WriteString(", ")
 	builder.WriteString("model_routing_enabled=")
 	builder.WriteString(fmt.Sprintf("%v", _m.ModelRoutingEnabled))
 	builder.WriteString(", ")
 	builder.WriteString("mcp_xml_inject=")
 	builder.WriteString(fmt.Sprintf("%v", _m.McpXMLInject))
 	builder.WriteString(", ")
 	builder.WriteString("supported_model_scopes=")
 	builder.WriteString(fmt.Sprintf("%v", _m.SupportedModelScopes))
 	builder.WriteString(", ")
 	builder.WriteString("sort_order=")
 	builder.WriteString(fmt.Sprintf("%v", _m.SortOrder))
 	builder.WriteByte(')')
 	return builder.String()
 }
--- a/backend/ent/group/group.go
+++ b/backend/ent/group/group.go
@@ -49,14 +49,30 @@ const (
 	FieldImagePrice2k = "image_price_2k"
 	// FieldImagePrice4k holds the string denoting the image_price_4k field in the database.
 	FieldImagePrice4k = "image_price_4k"
 	// FieldSoraImagePrice360 holds the string denoting the sora_image_price_360 field in the database.
 	FieldSoraImagePrice360 = "sora_image_price_360"
 	// FieldSoraImagePrice540 holds the string denoting the sora_image_price_540 field in the database.
 	FieldSoraImagePrice540 = "sora_image_price_540"
 	// FieldSoraVideoPricePerRequest holds the string denoting the sora_video_price_per_request field in the database.
 	FieldSoraVideoPricePerRequest = "sora_video_price_per_request"
 	// FieldSoraVideoPricePerRequestHd holds the string denoting the sora_video_price_per_request_hd field in the database.
 	FieldSoraVideoPricePerRequestHd = "sora_video_price_per_request_hd"
 	// FieldClaudeCodeOnly holds the string denoting the claude_code_only field in the database.
 	FieldClaudeCodeOnly = "claude_code_only"
 	// FieldFallbackGroupID holds the string denoting the fallback_group_id field in the database.
 	FieldFallbackGroupID = "fallback_group_id"
 	// FieldFallbackGroupIDOnInvalidRequest holds the string denoting the fallback_group_id_on_invalid_request field in the database.
 	FieldFallbackGroupIDOnInvalidRequest = "fallback_group_id_on_invalid_request"
 	// FieldModelRouting holds the string denoting the model_routing field in the database.
 	FieldModelRouting = "model_routing"
 	// FieldModelRoutingEnabled holds the string denoting the model_routing_enabled field in the database.
 	FieldModelRoutingEnabled = "model_routing_enabled"
 	// FieldMcpXMLInject holds the string denoting the mcp_xml_inject field in the database.
 	FieldMcpXMLInject = "mcp_xml_inject"
 	// FieldSupportedModelScopes holds the string denoting the supported_model_scopes field in the database.
 	FieldSupportedModelScopes = "supported_model_scopes"
 	// FieldSortOrder holds the string denoting the sort_order field in the database.
 	FieldSortOrder = "sort_order"
 	// EdgeAPIKeys holds the string denoting the api_keys edge name in mutations.
 	EdgeAPIKeys = "api_keys"
 	// EdgeRedeemCodes holds the string denoting the redeem_codes edge name in mutations.
@@ -149,10 +165,18 @@ var Columns = []string{
 	FieldImagePrice1k,
 	FieldImagePrice2k,
 	FieldImagePrice4k,
 	FieldSoraImagePrice360,
 	FieldSoraImagePrice540,
 	FieldSoraVideoPricePerRequest,
 	FieldSoraVideoPricePerRequestHd,
 	FieldClaudeCodeOnly,
 	FieldFallbackGroupID,
 	FieldFallbackGroupIDOnInvalidRequest,
 	FieldModelRouting,
 	FieldModelRoutingEnabled,
 	FieldMcpXMLInject,
 	FieldSupportedModelScopes,
 	FieldSortOrder,
 }
 var (
@@ -212,6 +236,12 @@ var (
 	DefaultClaudeCodeOnly bool
 	// DefaultModelRoutingEnabled holds the default value on creation for the "model_routing_enabled" field.
 	DefaultModelRoutingEnabled bool
 	// DefaultMcpXMLInject holds the default value on creation for the "mcp_xml_inject" field.
 	DefaultMcpXMLInject bool
 	// DefaultSupportedModelScopes holds the default value on creation for the "supported_model_scopes" field.
 	DefaultSupportedModelScopes []string
 	// DefaultSortOrder holds the default value on creation for the "sort_order" field.
 	DefaultSortOrder int
 )
 // OrderOption defines the ordering options for the Group queries.
@@ -307,6 +337,26 @@ func ByImagePrice4k(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldImagePrice4k, opts...).ToFunc()
 }
 // BySoraImagePrice360 orders the results by the sora_image_price_360 field.
 func BySoraImagePrice360(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldSoraImagePrice360, opts...).ToFunc()
 }
 // BySoraImagePrice540 orders the results by the sora_image_price_540 field.
 func BySoraImagePrice540(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldSoraImagePrice540, opts...).ToFunc()
 }
 // BySoraVideoPricePerRequest orders the results by the sora_video_price_per_request field.
 func BySoraVideoPricePerRequest(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldSoraVideoPricePerRequest, opts...).ToFunc()
 }
 // BySoraVideoPricePerRequestHd orders the results by the sora_video_price_per_request_hd field.
 func BySoraVideoPricePerRequestHd(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldSoraVideoPricePerRequestHd, opts...).ToFunc()
 }
 // ByClaudeCodeOnly orders the results by the claude_code_only field.
 func ByClaudeCodeOnly(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldClaudeCodeOnly, opts...).ToFunc()
@@ -317,11 +367,26 @@ func ByFallbackGroupID(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldFallbackGroupID, opts...).ToFunc()
 }
 // ByFallbackGroupIDOnInvalidRequest orders the results by the fallback_group_id_on_invalid_request field.
 func ByFallbackGroupIDOnInvalidRequest(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldFallbackGroupIDOnInvalidRequest, opts...).ToFunc()
 }
 // ByModelRoutingEnabled orders the results by the model_routing_enabled field.
 func ByModelRoutingEnabled(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldModelRoutingEnabled, opts...).ToFunc()
 }
 // ByMcpXMLInject orders the results by the mcp_xml_inject field.
 func ByMcpXMLInject(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldMcpXMLInject, opts...).ToFunc()
 }
 // BySortOrder orders the results by the sort_order field.
 func BySortOrder(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldSortOrder, opts...).ToFunc()
 }
 // ByAPIKeysCount orders the results by api_keys count.
 func ByAPIKeysCount(opts ...sql.OrderTermOption) OrderOption {
 	return func(s *sql.Selector) {
--- a/backend/ent/group/where.go
+++ b/backend/ent/group/where.go
@@ -140,6 +140,26 @@ func ImagePrice4k(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldImagePrice4k, v))
 }
 // SoraImagePrice360 applies equality check predicate on the "sora_image_price_360" field. It's identical to SoraImagePrice360EQ.
 func SoraImagePrice360(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraImagePrice360, v))
 }
 // SoraImagePrice540 applies equality check predicate on the "sora_image_price_540" field. It's identical to SoraImagePrice540EQ.
 func SoraImagePrice540(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraImagePrice540, v))
 }
 // SoraVideoPricePerRequest applies equality check predicate on the "sora_video_price_per_request" field. It's identical to SoraVideoPricePerRequestEQ.
 func SoraVideoPricePerRequest(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraVideoPricePerRequest, v))
 }
 // SoraVideoPricePerRequestHd applies equality check predicate on the "sora_video_price_per_request_hd" field. It's identical to SoraVideoPricePerRequestHdEQ.
 func SoraVideoPricePerRequestHd(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraVideoPricePerRequestHd, v))
 }
 // ClaudeCodeOnly applies equality check predicate on the "claude_code_only" field. It's identical to ClaudeCodeOnlyEQ.
 func ClaudeCodeOnly(v bool) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldClaudeCodeOnly, v))
@@ -150,11 +170,26 @@ func FallbackGroupID(v int64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldFallbackGroupID, v))
 }
 // FallbackGroupIDOnInvalidRequest applies equality check predicate on the "fallback_group_id_on_invalid_request" field. It's identical to FallbackGroupIDOnInvalidRequestEQ.
 func FallbackGroupIDOnInvalidRequest(v int64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldFallbackGroupIDOnInvalidRequest, v))
 }
 // ModelRoutingEnabled applies equality check predicate on the "model_routing_enabled" field. It's identical to ModelRoutingEnabledEQ.
 func ModelRoutingEnabled(v bool) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldModelRoutingEnabled, v))
 }
 // McpXMLInject applies equality check predicate on the "mcp_xml_inject" field. It's identical to McpXMLInjectEQ.
 func McpXMLInject(v bool) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldMcpXMLInject, v))
 }
 // SortOrder applies equality check predicate on the "sort_order" field. It's identical to SortOrderEQ.
 func SortOrder(v int) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSortOrder, v))
 }
 // CreatedAtEQ applies the EQ predicate on the "created_at" field.
 func CreatedAtEQ(v time.Time) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldCreatedAt, v))
@@ -1010,6 +1045,206 @@ func ImagePrice4kNotNil() predicate.Group {
 	return predicate.Group(sql.FieldNotNull(FieldImagePrice4k))
 }
 // SoraImagePrice360EQ applies the EQ predicate on the "sora_image_price_360" field.
 func SoraImagePrice360EQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraImagePrice360, v))
 }
 // SoraImagePrice360NEQ applies the NEQ predicate on the "sora_image_price_360" field.
 func SoraImagePrice360NEQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldSoraImagePrice360, v))
 }
 // SoraImagePrice360In applies the In predicate on the "sora_image_price_360" field.
 func SoraImagePrice360In(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldIn(FieldSoraImagePrice360, vs...))
 }
 // SoraImagePrice360NotIn applies the NotIn predicate on the "sora_image_price_360" field.
 func SoraImagePrice360NotIn(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldNotIn(FieldSoraImagePrice360, vs...))
 }
 // SoraImagePrice360GT applies the GT predicate on the "sora_image_price_360" field.
 func SoraImagePrice360GT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGT(FieldSoraImagePrice360, v))
 }
 // SoraImagePrice360GTE applies the GTE predicate on the "sora_image_price_360" field.
 func SoraImagePrice360GTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGTE(FieldSoraImagePrice360, v))
 }
 // SoraImagePrice360LT applies the LT predicate on the "sora_image_price_360" field.
 func SoraImagePrice360LT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLT(FieldSoraImagePrice360, v))
 }
 // SoraImagePrice360LTE applies the LTE predicate on the "sora_image_price_360" field.
 func SoraImagePrice360LTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLTE(FieldSoraImagePrice360, v))
 }
 // SoraImagePrice360IsNil applies the IsNil predicate on the "sora_image_price_360" field.
 func SoraImagePrice360IsNil() predicate.Group {
 	return predicate.Group(sql.FieldIsNull(FieldSoraImagePrice360))
 }
 // SoraImagePrice360NotNil applies the NotNil predicate on the "sora_image_price_360" field.
 func SoraImagePrice360NotNil() predicate.Group {
 	return predicate.Group(sql.FieldNotNull(FieldSoraImagePrice360))
 }
 // SoraImagePrice540EQ applies the EQ predicate on the "sora_image_price_540" field.
 func SoraImagePrice540EQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraImagePrice540, v))
 }
 // SoraImagePrice540NEQ applies the NEQ predicate on the "sora_image_price_540" field.
 func SoraImagePrice540NEQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldSoraImagePrice540, v))
 }
 // SoraImagePrice540In applies the In predicate on the "sora_image_price_540" field.
 func SoraImagePrice540In(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldIn(FieldSoraImagePrice540, vs...))
 }
 // SoraImagePrice540NotIn applies the NotIn predicate on the "sora_image_price_540" field.
 func SoraImagePrice540NotIn(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldNotIn(FieldSoraImagePrice540, vs...))
 }
 // SoraImagePrice540GT applies the GT predicate on the "sora_image_price_540" field.
 func SoraImagePrice540GT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGT(FieldSoraImagePrice540, v))
 }
 // SoraImagePrice540GTE applies the GTE predicate on the "sora_image_price_540" field.
 func SoraImagePrice540GTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGTE(FieldSoraImagePrice540, v))
 }
 // SoraImagePrice540LT applies the LT predicate on the "sora_image_price_540" field.
 func SoraImagePrice540LT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLT(FieldSoraImagePrice540, v))
 }
 // SoraImagePrice540LTE applies the LTE predicate on the "sora_image_price_540" field.
 func SoraImagePrice540LTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLTE(FieldSoraImagePrice540, v))
 }
 // SoraImagePrice540IsNil applies the IsNil predicate on the "sora_image_price_540" field.
 func SoraImagePrice540IsNil() predicate.Group {
 	return predicate.Group(sql.FieldIsNull(FieldSoraImagePrice540))
 }
 // SoraImagePrice540NotNil applies the NotNil predicate on the "sora_image_price_540" field.
 func SoraImagePrice540NotNil() predicate.Group {
 	return predicate.Group(sql.FieldNotNull(FieldSoraImagePrice540))
 }
 // SoraVideoPricePerRequestEQ applies the EQ predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestEQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraVideoPricePerRequest, v))
 }
 // SoraVideoPricePerRequestNEQ applies the NEQ predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestNEQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldSoraVideoPricePerRequest, v))
 }
 // SoraVideoPricePerRequestIn applies the In predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestIn(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldIn(FieldSoraVideoPricePerRequest, vs...))
 }
 // SoraVideoPricePerRequestNotIn applies the NotIn predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestNotIn(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldNotIn(FieldSoraVideoPricePerRequest, vs...))
 }
 // SoraVideoPricePerRequestGT applies the GT predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestGT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGT(FieldSoraVideoPricePerRequest, v))
 }
 // SoraVideoPricePerRequestGTE applies the GTE predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestGTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGTE(FieldSoraVideoPricePerRequest, v))
 }
 // SoraVideoPricePerRequestLT applies the LT predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestLT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLT(FieldSoraVideoPricePerRequest, v))
 }
 // SoraVideoPricePerRequestLTE applies the LTE predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestLTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLTE(FieldSoraVideoPricePerRequest, v))
 }
 // SoraVideoPricePerRequestIsNil applies the IsNil predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestIsNil() predicate.Group {
 	return predicate.Group(sql.FieldIsNull(FieldSoraVideoPricePerRequest))
 }
 // SoraVideoPricePerRequestNotNil applies the NotNil predicate on the "sora_video_price_per_request" field.
 func SoraVideoPricePerRequestNotNil() predicate.Group {
 	return predicate.Group(sql.FieldNotNull(FieldSoraVideoPricePerRequest))
 }
 // SoraVideoPricePerRequestHdEQ applies the EQ predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdEQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSoraVideoPricePerRequestHd, v))
 }
 // SoraVideoPricePerRequestHdNEQ applies the NEQ predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdNEQ(v float64) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldSoraVideoPricePerRequestHd, v))
 }
 // SoraVideoPricePerRequestHdIn applies the In predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdIn(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldIn(FieldSoraVideoPricePerRequestHd, vs...))
 }
 // SoraVideoPricePerRequestHdNotIn applies the NotIn predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdNotIn(vs ...float64) predicate.Group {
 	return predicate.Group(sql.FieldNotIn(FieldSoraVideoPricePerRequestHd, vs...))
 }
 // SoraVideoPricePerRequestHdGT applies the GT predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdGT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGT(FieldSoraVideoPricePerRequestHd, v))
 }
 // SoraVideoPricePerRequestHdGTE applies the GTE predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdGTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldGTE(FieldSoraVideoPricePerRequestHd, v))
 }
 // SoraVideoPricePerRequestHdLT applies the LT predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdLT(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLT(FieldSoraVideoPricePerRequestHd, v))
 }
 // SoraVideoPricePerRequestHdLTE applies the LTE predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdLTE(v float64) predicate.Group {
 	return predicate.Group(sql.FieldLTE(FieldSoraVideoPricePerRequestHd, v))
 }
 // SoraVideoPricePerRequestHdIsNil applies the IsNil predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdIsNil() predicate.Group {
 	return predicate.Group(sql.FieldIsNull(FieldSoraVideoPricePerRequestHd))
 }
 // SoraVideoPricePerRequestHdNotNil applies the NotNil predicate on the "sora_video_price_per_request_hd" field.
 func SoraVideoPricePerRequestHdNotNil() predicate.Group {
 	return predicate.Group(sql.FieldNotNull(FieldSoraVideoPricePerRequestHd))
 }
 // ClaudeCodeOnlyEQ applies the EQ predicate on the "claude_code_only" field.
 func ClaudeCodeOnlyEQ(v bool) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldClaudeCodeOnly, v))
@@ -1070,6 +1305,56 @@ func FallbackGroupIDNotNil() predicate.Group {
 	return predicate.Group(sql.FieldNotNull(FieldFallbackGroupID))
 }
 // FallbackGroupIDOnInvalidRequestEQ applies the EQ predicate on the "fallback_group_id_on_invalid_request" field.
 func FallbackGroupIDOnInvalidRequestEQ(v int64) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldFallbackGroupIDOnInvalidRequest, v))
 }
 // FallbackGroupIDOnInvalidRequestNEQ applies the NEQ predicate on the "fallback_group_id_on_invalid_request" field.
 func FallbackGroupIDOnInvalidRequestNEQ(v int64) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldFallbackGroupIDOnInvalidRequest, v))
 }
 // FallbackGroupIDOnInvalidRequestIn applies the In predicate on the "fallback_group_id_on_invalid_request" field.
 func FallbackGroupIDOnInvalidRequestIn(vs ...int64) predicate.Group {
 	return predicate.Group(sql.FieldIn(FieldFallbackGroupIDOnInvalidRequest, vs...))
 }
 // FallbackGroupIDOnInvalidRequestNotIn applies the NotIn predicate on the "fallback_group_id_on_invalid_request" field.
 func FallbackGroupIDOnInvalidRequestNotIn(vs ...int64) predicate.Group {
 	return predicate.Group(sql.FieldNotIn(FieldFallbackGroupIDOnInvalidRequest, vs...))
 }
 // FallbackGroupIDOnInvalidRequestGT applies the GT predicate on the "fallback_group_id_on_invalid_request" field.
 func FallbackGroupIDOnInvalidRequestGT(v int64) predicate.Group {
 	return predicate.Group(sql.FieldGT(FieldFallbackGroupIDOnInvalidRequest, v))
 }
 // FallbackGroupIDOnInvalidRequestGTE applies the GTE predicate on the "fallback_group_id_on_invalid_request" field.
 func FallbackGroupIDOnInvalidRequestGTE(v int64) predicate.Group {
 	return predicate.Group(sql.FieldGTE(FieldFallbackGroupIDOnInvalidRequest, v))
 }
 // FallbackGroupIDOnInvalidRequestLT applies the LT predicate on the "fallback_group_id_on_invalid_request" field.
 func FallbackGroupIDOnInvalidRequestLT(v int64) predicate.Group {
 	return predicate.Group(sql.FieldLT(FieldFallbackGroupIDOnInvalidRequest, v))
 }
 // FallbackGroupIDOnInvalidRequestLTE applies the LTE predicate on the "fallback_group_id_on_invalid_request" field.
 func FallbackGroupIDOnInvalidRequestLTE(v int64) predicate.Group {
 	return predicate.Group(sql.FieldLTE(FieldFallbackGroupIDOnInvalidRequest, v))
 }
 // FallbackGroupIDOnInvalidRequestIsNil applies the IsNil predicate on the "fallback_group_id_on_invalid_request" field.
 func FallbackGroupIDOnInvalidRequestIsNil() predicate.Group {
 	return predicate.Group(sql.FieldIsNull(FieldFallbackGroupIDOnInvalidRequest))
 }
 // FallbackGroupIDOnInvalidRequestNotNil applies the NotNil predicate on the "fallback_group_id_on_invalid_request" field.
 func FallbackGroupIDOnInvalidRequestNotNil() predicate.Group {
 	return predicate.Group(sql.FieldNotNull(FieldFallbackGroupIDOnInvalidRequest))
 }
 // ModelRoutingIsNil applies the IsNil predicate on the "model_routing" field.
 func ModelRoutingIsNil() predicate.Group {
 	return predicate.Group(sql.FieldIsNull(FieldModelRouting))
@@ -1090,6 +1375,56 @@ func ModelRoutingEnabledNEQ(v bool) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldModelRoutingEnabled, v))
 }
 // McpXMLInjectEQ applies the EQ predicate on the "mcp_xml_inject" field.
 func McpXMLInjectEQ(v bool) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldMcpXMLInject, v))
 }
 // McpXMLInjectNEQ applies the NEQ predicate on the "mcp_xml_inject" field.
 func McpXMLInjectNEQ(v bool) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldMcpXMLInject, v))
 }
 // SortOrderEQ applies the EQ predicate on the "sort_order" field.
 func SortOrderEQ(v int) predicate.Group {
 	return predicate.Group(sql.FieldEQ(FieldSortOrder, v))
 }
 // SortOrderNEQ applies the NEQ predicate on the "sort_order" field.
 func SortOrderNEQ(v int) predicate.Group {
 	return predicate.Group(sql.FieldNEQ(FieldSortOrder, v))
 }
 // SortOrderIn applies the In predicate on the "sort_order" field.
 func SortOrderIn(vs ...int) predicate.Group {
 	return predicate.Group(sql.FieldIn(FieldSortOrder, vs...))
 }
 // SortOrderNotIn applies the NotIn predicate on the "sort_order" field.
 func SortOrderNotIn(vs ...int) predicate.Group {
 	return predicate.Group(sql.FieldNotIn(FieldSortOrder, vs...))
 }
 // SortOrderGT applies the GT predicate on the "sort_order" field.
 func SortOrderGT(v int) predicate.Group {
 	return predicate.Group(sql.FieldGT(FieldSortOrder, v))
 }
 // SortOrderGTE applies the GTE predicate on the "sort_order" field.
 func SortOrderGTE(v int) predicate.Group {
 	return predicate.Group(sql.FieldGTE(FieldSortOrder, v))
 }
 // SortOrderLT applies the LT predicate on the "sort_order" field.
 func SortOrderLT(v int) predicate.Group {
 	return predicate.Group(sql.FieldLT(FieldSortOrder, v))
 }
 // SortOrderLTE applies the LTE predicate on the "sort_order" field.
 func SortOrderLTE(v int) predicate.Group {
 	return predicate.Group(sql.FieldLTE(FieldSortOrder, v))
 }
 // HasAPIKeys applies the HasEdge predicate on the "api_keys" edge.
 func HasAPIKeys() predicate.Group {
 	return predicate.Group(func(s *sql.Selector) {
--- a/backend/ent/group_create.go
+++ b/backend/ent/group_create.go
@@ -258,6 +258,62 @@ func (_c *GroupCreate) SetNillableImagePrice4k(v *float64) *GroupCreate {
 	return _c
 }
 // SetSoraImagePrice360 sets the "sora_image_price_360" field.
 func (_c *GroupCreate) SetSoraImagePrice360(v float64) *GroupCreate {
 	_c.mutation.SetSoraImagePrice360(v)
 	return _c
 }
 // SetNillableSoraImagePrice360 sets the "sora_image_price_360" field if the given value is not nil.
 func (_c *GroupCreate) SetNillableSoraImagePrice360(v *float64) *GroupCreate {
 	if v != nil {
 		_c.SetSoraImagePrice360(*v)
 	}
 	return _c
 }
 // SetSoraImagePrice540 sets the "sora_image_price_540" field.
 func (_c *GroupCreate) SetSoraImagePrice540(v float64) *GroupCreate {
 	_c.mutation.SetSoraImagePrice540(v)
 	return _c
 }
 // SetNillableSoraImagePrice540 sets the "sora_image_price_540" field if the given value is not nil.
 func (_c *GroupCreate) SetNillableSoraImagePrice540(v *float64) *GroupCreate {
 	if v != nil {
 		_c.SetSoraImagePrice540(*v)
 	}
 	return _c
 }
 // SetSoraVideoPricePerRequest sets the "sora_video_price_per_request" field.
 func (_c *GroupCreate) SetSoraVideoPricePerRequest(v float64) *GroupCreate {
 	_c.mutation.SetSoraVideoPricePerRequest(v)
 	return _c
 }
 // SetNillableSoraVideoPricePerRequest sets the "sora_video_price_per_request" field if the given value is not nil.
 func (_c *GroupCreate) SetNillableSoraVideoPricePerRequest(v *float64) *GroupCreate {
 	if v != nil {
 		_c.SetSoraVideoPricePerRequest(*v)
 	}
 	return _c
 }
 // SetSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field.
 func (_c *GroupCreate) SetSoraVideoPricePerRequestHd(v float64) *GroupCreate {
 	_c.mutation.SetSoraVideoPricePerRequestHd(v)
 	return _c
 }
 // SetNillableSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field if the given value is not nil.
 func (_c *GroupCreate) SetNillableSoraVideoPricePerRequestHd(v *float64) *GroupCreate {
 	if v != nil {
 		_c.SetSoraVideoPricePerRequestHd(*v)
 	}
 	return _c
 }
 // SetClaudeCodeOnly sets the "claude_code_only" field.
 func (_c *GroupCreate) SetClaudeCodeOnly(v bool) *GroupCreate {
 	_c.mutation.SetClaudeCodeOnly(v)
@@ -286,6 +342,20 @@ func (_c *GroupCreate) SetNillableFallbackGroupID(v *int64) *GroupCreate {
 	return _c
 }
 // SetFallbackGroupIDOnInvalidRequest sets the "fallback_group_id_on_invalid_request" field.
 func (_c *GroupCreate) SetFallbackGroupIDOnInvalidRequest(v int64) *GroupCreate {
 	_c.mutation.SetFallbackGroupIDOnInvalidRequest(v)
 	return _c
 }
 // SetNillableFallbackGroupIDOnInvalidRequest sets the "fallback_group_id_on_invalid_request" field if the given value is not nil.
 func (_c *GroupCreate) SetNillableFallbackGroupIDOnInvalidRequest(v *int64) *GroupCreate {
 	if v != nil {
 		_c.SetFallbackGroupIDOnInvalidRequest(*v)
 	}
 	return _c
 }
 // SetModelRouting sets the "model_routing" field.
 func (_c *GroupCreate) SetModelRouting(v map[string][]int64) *GroupCreate {
 	_c.mutation.SetModelRouting(v)
@@ -306,6 +376,40 @@ func (_c *GroupCreate) SetNillableModelRoutingEnabled(v *bool) *GroupCreate {
 	return _c
 }
 // SetMcpXMLInject sets the "mcp_xml_inject" field.
 func (_c *GroupCreate) SetMcpXMLInject(v bool) *GroupCreate {
 	_c.mutation.SetMcpXMLInject(v)
 	return _c
 }
 // SetNillableMcpXMLInject sets the "mcp_xml_inject" field if the given value is not nil.
 func (_c *GroupCreate) SetNillableMcpXMLInject(v *bool) *GroupCreate {
 	if v != nil {
 		_c.SetMcpXMLInject(*v)
 	}
 	return _c
 }
 // SetSupportedModelScopes sets the "supported_model_scopes" field.
 func (_c *GroupCreate) SetSupportedModelScopes(v []string) *GroupCreate {
 	_c.mutation.SetSupportedModelScopes(v)
 	return _c
 }
 // SetSortOrder sets the "sort_order" field.
 func (_c *GroupCreate) SetSortOrder(v int) *GroupCreate {
 	_c.mutation.SetSortOrder(v)
 	return _c
 }
 // SetNillableSortOrder sets the "sort_order" field if the given value is not nil.
 func (_c *GroupCreate) SetNillableSortOrder(v *int) *GroupCreate {
 	if v != nil {
 		_c.SetSortOrder(*v)
 	}
 	return _c
 }
 // AddAPIKeyIDs adds the "api_keys" edge to the APIKey entity by IDs.
 func (_c *GroupCreate) AddAPIKeyIDs(ids ...int64) *GroupCreate {
 	_c.mutation.AddAPIKeyIDs(ids...)
@@ -479,6 +583,18 @@ func (_c *GroupCreate) defaults() error {
 		v := group.DefaultModelRoutingEnabled
 		_c.mutation.SetModelRoutingEnabled(v)
 	}
 	if _, ok := _c.mutation.McpXMLInject(); !ok {
 		v := group.DefaultMcpXMLInject
 		_c.mutation.SetMcpXMLInject(v)
 	}
 	if _, ok := _c.mutation.SupportedModelScopes(); !ok {
 		v := group.DefaultSupportedModelScopes
 		_c.mutation.SetSupportedModelScopes(v)
 	}
 	if _, ok := _c.mutation.SortOrder(); !ok {
 		v := group.DefaultSortOrder
 		_c.mutation.SetSortOrder(v)
 	}
 	return nil
 }
@@ -537,6 +653,15 @@ func (_c *GroupCreate) check() error {
 	if _, ok := _c.mutation.ModelRoutingEnabled(); !ok {
 		return &ValidationError{Name: "model_routing_enabled", err: errors.New(`ent: missing required field "Group.model_routing_enabled"`)}
 	}
 	if _, ok := _c.mutation.McpXMLInject(); !ok {
 		return &ValidationError{Name: "mcp_xml_inject", err: errors.New(`ent: missing required field "Group.mcp_xml_inject"`)}
 	}
 	if _, ok := _c.mutation.SupportedModelScopes(); !ok {
 		return &ValidationError{Name: "supported_model_scopes", err: errors.New(`ent: missing required field "Group.supported_model_scopes"`)}
 	}
 	if _, ok := _c.mutation.SortOrder(); !ok {
 		return &ValidationError{Name: "sort_order", err: errors.New(`ent: missing required field "Group.sort_order"`)}
 	}
 	return nil
 }
@@ -632,6 +757,22 @@ func (_c *GroupCreate) createSpec() (*Group, *sqlgraph.CreateSpec) {
 		_spec.SetField(group.FieldImagePrice4k, field.TypeFloat64, value)
 		_node.ImagePrice4k = &value
 	}
 	if value, ok := _c.mutation.SoraImagePrice360(); ok {
 		_spec.SetField(group.FieldSoraImagePrice360, field.TypeFloat64, value)
 		_node.SoraImagePrice360 = &value
 	}
 	if value, ok := _c.mutation.SoraImagePrice540(); ok {
 		_spec.SetField(group.FieldSoraImagePrice540, field.TypeFloat64, value)
 		_node.SoraImagePrice540 = &value
 	}
 	if value, ok := _c.mutation.SoraVideoPricePerRequest(); ok {
 		_spec.SetField(group.FieldSoraVideoPricePerRequest, field.TypeFloat64, value)
 		_node.SoraVideoPricePerRequest = &value
 	}
 	if value, ok := _c.mutation.SoraVideoPricePerRequestHd(); ok {
 		_spec.SetField(group.FieldSoraVideoPricePerRequestHd, field.TypeFloat64, value)
 		_node.SoraVideoPricePerRequestHd = &value
 	}
 	if value, ok := _c.mutation.ClaudeCodeOnly(); ok {
 		_spec.SetField(group.FieldClaudeCodeOnly, field.TypeBool, value)
 		_node.ClaudeCodeOnly = value
@@ -640,6 +781,10 @@ func (_c *GroupCreate) createSpec() (*Group, *sqlgraph.CreateSpec) {
 		_spec.SetField(group.FieldFallbackGroupID, field.TypeInt64, value)
 		_node.FallbackGroupID = &value
 	}
 	if value, ok := _c.mutation.FallbackGroupIDOnInvalidRequest(); ok {
 		_spec.SetField(group.FieldFallbackGroupIDOnInvalidRequest, field.TypeInt64, value)
 		_node.FallbackGroupIDOnInvalidRequest = &value
 	}
 	if value, ok := _c.mutation.ModelRouting(); ok {
 		_spec.SetField(group.FieldModelRouting, field.TypeJSON, value)
 		_node.ModelRouting = value
@@ -648,6 +793,18 @@ func (_c *GroupCreate) createSpec() (*Group, *sqlgraph.CreateSpec) {
 		_spec.SetField(group.FieldModelRoutingEnabled, field.TypeBool, value)
 		_node.ModelRoutingEnabled = value
 	}
 	if value, ok := _c.mutation.McpXMLInject(); ok {
 		_spec.SetField(group.FieldMcpXMLInject, field.TypeBool, value)
 		_node.McpXMLInject = value
 	}
 	if value, ok := _c.mutation.SupportedModelScopes(); ok {
 		_spec.SetField(group.FieldSupportedModelScopes, field.TypeJSON, value)
 		_node.SupportedModelScopes = value
 	}
 	if value, ok := _c.mutation.SortOrder(); ok {
 		_spec.SetField(group.FieldSortOrder, field.TypeInt, value)
 		_node.SortOrder = value
 	}
 	if nodes := _c.mutation.APIKeysIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
@@ -1092,6 +1249,102 @@ func (u *GroupUpsert) ClearImagePrice4k() *GroupUpsert {
 	return u
 }
 // SetSoraImagePrice360 sets the "sora_image_price_360" field.
 func (u *GroupUpsert) SetSoraImagePrice360(v float64) *GroupUpsert {
 	u.Set(group.FieldSoraImagePrice360, v)
 	return u
 }
 // UpdateSoraImagePrice360 sets the "sora_image_price_360" field to the value that was provided on create.
 func (u *GroupUpsert) UpdateSoraImagePrice360() *GroupUpsert {
 	u.SetExcluded(group.FieldSoraImagePrice360)
 	return u
 }
 // AddSoraImagePrice360 adds v to the "sora_image_price_360" field.
 func (u *GroupUpsert) AddSoraImagePrice360(v float64) *GroupUpsert {
 	u.Add(group.FieldSoraImagePrice360, v)
 	return u
 }
 // ClearSoraImagePrice360 clears the value of the "sora_image_price_360" field.
 func (u *GroupUpsert) ClearSoraImagePrice360() *GroupUpsert {
 	u.SetNull(group.FieldSoraImagePrice360)
 	return u
 }
 // SetSoraImagePrice540 sets the "sora_image_price_540" field.
 func (u *GroupUpsert) SetSoraImagePrice540(v float64) *GroupUpsert {
 	u.Set(group.FieldSoraImagePrice540, v)
 	return u
 }
 // UpdateSoraImagePrice540 sets the "sora_image_price_540" field to the value that was provided on create.
 func (u *GroupUpsert) UpdateSoraImagePrice540() *GroupUpsert {
 	u.SetExcluded(group.FieldSoraImagePrice540)
 	return u
 }
 // AddSoraImagePrice540 adds v to the "sora_image_price_540" field.
 func (u *GroupUpsert) AddSoraImagePrice540(v float64) *GroupUpsert {
 	u.Add(group.FieldSoraImagePrice540, v)
 	return u
 }
 // ClearSoraImagePrice540 clears the value of the "sora_image_price_540" field.
 func (u *GroupUpsert) ClearSoraImagePrice540() *GroupUpsert {
 	u.SetNull(group.FieldSoraImagePrice540)
 	return u
 }
 // SetSoraVideoPricePerRequest sets the "sora_video_price_per_request" field.
 func (u *GroupUpsert) SetSoraVideoPricePerRequest(v float64) *GroupUpsert {
 	u.Set(group.FieldSoraVideoPricePerRequest, v)
 	return u
 }
 // UpdateSoraVideoPricePerRequest sets the "sora_video_price_per_request" field to the value that was provided on create.
 func (u *GroupUpsert) UpdateSoraVideoPricePerRequest() *GroupUpsert {
 	u.SetExcluded(group.FieldSoraVideoPricePerRequest)
 	return u
 }
 // AddSoraVideoPricePerRequest adds v to the "sora_video_price_per_request" field.
 func (u *GroupUpsert) AddSoraVideoPricePerRequest(v float64) *GroupUpsert {
 	u.Add(group.FieldSoraVideoPricePerRequest, v)
 	return u
 }
 // ClearSoraVideoPricePerRequest clears the value of the "sora_video_price_per_request" field.
 func (u *GroupUpsert) ClearSoraVideoPricePerRequest() *GroupUpsert {
 	u.SetNull(group.FieldSoraVideoPricePerRequest)
 	return u
 }
 // SetSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsert) SetSoraVideoPricePerRequestHd(v float64) *GroupUpsert {
 	u.Set(group.FieldSoraVideoPricePerRequestHd, v)
 	return u
 }
 // UpdateSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field to the value that was provided on create.
 func (u *GroupUpsert) UpdateSoraVideoPricePerRequestHd() *GroupUpsert {
 	u.SetExcluded(group.FieldSoraVideoPricePerRequestHd)
 	return u
 }
 // AddSoraVideoPricePerRequestHd adds v to the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsert) AddSoraVideoPricePerRequestHd(v float64) *GroupUpsert {
 	u.Add(group.FieldSoraVideoPricePerRequestHd, v)
 	return u
 }
 // ClearSoraVideoPricePerRequestHd clears the value of the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsert) ClearSoraVideoPricePerRequestHd() *GroupUpsert {
 	u.SetNull(group.FieldSoraVideoPricePerRequestHd)
 	return u
 }
 // SetClaudeCodeOnly sets the "claude_code_only" field.
 func (u *GroupUpsert) SetClaudeCodeOnly(v bool) *GroupUpsert {
 	u.Set(group.FieldClaudeCodeOnly, v)
@@ -1128,6 +1381,30 @@ func (u *GroupUpsert) ClearFallbackGroupID() *GroupUpsert {
 	return u
 }
 // SetFallbackGroupIDOnInvalidRequest sets the "fallback_group_id_on_invalid_request" field.
 func (u *GroupUpsert) SetFallbackGroupIDOnInvalidRequest(v int64) *GroupUpsert {
 	u.Set(group.FieldFallbackGroupIDOnInvalidRequest, v)
 	return u
 }
 // UpdateFallbackGroupIDOnInvalidRequest sets the "fallback_group_id_on_invalid_request" field to the value that was provided on create.
 func (u *GroupUpsert) UpdateFallbackGroupIDOnInvalidRequest() *GroupUpsert {
 	u.SetExcluded(group.FieldFallbackGroupIDOnInvalidRequest)
 	return u
 }
 // AddFallbackGroupIDOnInvalidRequest adds v to the "fallback_group_id_on_invalid_request" field.
 func (u *GroupUpsert) AddFallbackGroupIDOnInvalidRequest(v int64) *GroupUpsert {
 	u.Add(group.FieldFallbackGroupIDOnInvalidRequest, v)
 	return u
 }
 // ClearFallbackGroupIDOnInvalidRequest clears the value of the "fallback_group_id_on_invalid_request" field.
 func (u *GroupUpsert) ClearFallbackGroupIDOnInvalidRequest() *GroupUpsert {
 	u.SetNull(group.FieldFallbackGroupIDOnInvalidRequest)
 	return u
 }
 // SetModelRouting sets the "model_routing" field.
 func (u *GroupUpsert) SetModelRouting(v map[string][]int64) *GroupUpsert {
 	u.Set(group.FieldModelRouting, v)
@@ -1158,6 +1435,48 @@ func (u *GroupUpsert) UpdateModelRoutingEnabled() *GroupUpsert {
 	return u
 }
 // SetMcpXMLInject sets the "mcp_xml_inject" field.
 func (u *GroupUpsert) SetMcpXMLInject(v bool) *GroupUpsert {
 	u.Set(group.FieldMcpXMLInject, v)
 	return u
 }
 // UpdateMcpXMLInject sets the "mcp_xml_inject" field to the value that was provided on create.
 func (u *GroupUpsert) UpdateMcpXMLInject() *GroupUpsert {
 	u.SetExcluded(group.FieldMcpXMLInject)
 	return u
 }
 // SetSupportedModelScopes sets the "supported_model_scopes" field.
 func (u *GroupUpsert) SetSupportedModelScopes(v []string) *GroupUpsert {
 	u.Set(group.FieldSupportedModelScopes, v)
 	return u
 }
 // UpdateSupportedModelScopes sets the "supported_model_scopes" field to the value that was provided on create.
 func (u *GroupUpsert) UpdateSupportedModelScopes() *GroupUpsert {
 	u.SetExcluded(group.FieldSupportedModelScopes)
 	return u
 }
 // SetSortOrder sets the "sort_order" field.
 func (u *GroupUpsert) SetSortOrder(v int) *GroupUpsert {
 	u.Set(group.FieldSortOrder, v)
 	return u
 }
 // UpdateSortOrder sets the "sort_order" field to the value that was provided on create.
 func (u *GroupUpsert) UpdateSortOrder() *GroupUpsert {
 	u.SetExcluded(group.FieldSortOrder)
 	return u
 }
 // AddSortOrder adds v to the "sort_order" field.
 func (u *GroupUpsert) AddSortOrder(v int) *GroupUpsert {
 	u.Add(group.FieldSortOrder, v)
 	return u
 }
 // UpdateNewValues updates the mutable fields using the new values that were set on create.
 // Using this option is equivalent to using:
 //
@@ -1539,6 +1858,118 @@ func (u *GroupUpsertOne) ClearImagePrice4k() *GroupUpsertOne {
 	})
 }
 // SetSoraImagePrice360 sets the "sora_image_price_360" field.
 func (u *GroupUpsertOne) SetSoraImagePrice360(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraImagePrice360(v)
 	})
 }
 // AddSoraImagePrice360 adds v to the "sora_image_price_360" field.
 func (u *GroupUpsertOne) AddSoraImagePrice360(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraImagePrice360(v)
 	})
 }
 // UpdateSoraImagePrice360 sets the "sora_image_price_360" field to the value that was provided on create.
 func (u *GroupUpsertOne) UpdateSoraImagePrice360() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraImagePrice360()
 	})
 }
 // ClearSoraImagePrice360 clears the value of the "sora_image_price_360" field.
 func (u *GroupUpsertOne) ClearSoraImagePrice360() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraImagePrice360()
 	})
 }
 // SetSoraImagePrice540 sets the "sora_image_price_540" field.
 func (u *GroupUpsertOne) SetSoraImagePrice540(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraImagePrice540(v)
 	})
 }
 // AddSoraImagePrice540 adds v to the "sora_image_price_540" field.
 func (u *GroupUpsertOne) AddSoraImagePrice540(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraImagePrice540(v)
 	})
 }
 // UpdateSoraImagePrice540 sets the "sora_image_price_540" field to the value that was provided on create.
 func (u *GroupUpsertOne) UpdateSoraImagePrice540() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraImagePrice540()
 	})
 }
 // ClearSoraImagePrice540 clears the value of the "sora_image_price_540" field.
 func (u *GroupUpsertOne) ClearSoraImagePrice540() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraImagePrice540()
 	})
 }
 // SetSoraVideoPricePerRequest sets the "sora_video_price_per_request" field.
 func (u *GroupUpsertOne) SetSoraVideoPricePerRequest(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraVideoPricePerRequest(v)
 	})
 }
 // AddSoraVideoPricePerRequest adds v to the "sora_video_price_per_request" field.
 func (u *GroupUpsertOne) AddSoraVideoPricePerRequest(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraVideoPricePerRequest(v)
 	})
 }
 // UpdateSoraVideoPricePerRequest sets the "sora_video_price_per_request" field to the value that was provided on create.
 func (u *GroupUpsertOne) UpdateSoraVideoPricePerRequest() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraVideoPricePerRequest()
 	})
 }
 // ClearSoraVideoPricePerRequest clears the value of the "sora_video_price_per_request" field.
 func (u *GroupUpsertOne) ClearSoraVideoPricePerRequest() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraVideoPricePerRequest()
 	})
 }
 // SetSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsertOne) SetSoraVideoPricePerRequestHd(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraVideoPricePerRequestHd(v)
 	})
 }
 // AddSoraVideoPricePerRequestHd adds v to the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsertOne) AddSoraVideoPricePerRequestHd(v float64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraVideoPricePerRequestHd(v)
 	})
 }
 // UpdateSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field to the value that was provided on create.
 func (u *GroupUpsertOne) UpdateSoraVideoPricePerRequestHd() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraVideoPricePerRequestHd()
 	})
 }
 // ClearSoraVideoPricePerRequestHd clears the value of the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsertOne) ClearSoraVideoPricePerRequestHd() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraVideoPricePerRequestHd()
 	})
 }
 // SetClaudeCodeOnly sets the "claude_code_only" field.
 func (u *GroupUpsertOne) SetClaudeCodeOnly(v bool) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
@@ -1581,6 +2012,34 @@ func (u *GroupUpsertOne) ClearFallbackGroupID() *GroupUpsertOne {
 	})
 }
 // SetFallbackGroupIDOnInvalidRequest sets the "fallback_group_id_on_invalid_request" field.
 func (u *GroupUpsertOne) SetFallbackGroupIDOnInvalidRequest(v int64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetFallbackGroupIDOnInvalidRequest(v)
 	})
 }
 // AddFallbackGroupIDOnInvalidRequest adds v to the "fallback_group_id_on_invalid_request" field.
 func (u *GroupUpsertOne) AddFallbackGroupIDOnInvalidRequest(v int64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddFallbackGroupIDOnInvalidRequest(v)
 	})
 }
 // UpdateFallbackGroupIDOnInvalidRequest sets the "fallback_group_id_on_invalid_request" field to the value that was provided on create.
 func (u *GroupUpsertOne) UpdateFallbackGroupIDOnInvalidRequest() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateFallbackGroupIDOnInvalidRequest()
 	})
 }
 // ClearFallbackGroupIDOnInvalidRequest clears the value of the "fallback_group_id_on_invalid_request" field.
 func (u *GroupUpsertOne) ClearFallbackGroupIDOnInvalidRequest() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearFallbackGroupIDOnInvalidRequest()
 	})
 }
 // SetModelRouting sets the "model_routing" field.
 func (u *GroupUpsertOne) SetModelRouting(v map[string][]int64) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
@@ -1616,6 +2075,55 @@ func (u *GroupUpsertOne) UpdateModelRoutingEnabled() *GroupUpsertOne {
 	})
 }
 // SetMcpXMLInject sets the "mcp_xml_inject" field.
 func (u *GroupUpsertOne) SetMcpXMLInject(v bool) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetMcpXMLInject(v)
 	})
 }
 // UpdateMcpXMLInject sets the "mcp_xml_inject" field to the value that was provided on create.
 func (u *GroupUpsertOne) UpdateMcpXMLInject() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateMcpXMLInject()
 	})
 }
 // SetSupportedModelScopes sets the "supported_model_scopes" field.
 func (u *GroupUpsertOne) SetSupportedModelScopes(v []string) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSupportedModelScopes(v)
 	})
 }
 // UpdateSupportedModelScopes sets the "supported_model_scopes" field to the value that was provided on create.
 func (u *GroupUpsertOne) UpdateSupportedModelScopes() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSupportedModelScopes()
 	})
 }
 // SetSortOrder sets the "sort_order" field.
 func (u *GroupUpsertOne) SetSortOrder(v int) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSortOrder(v)
 	})
 }
 // AddSortOrder adds v to the "sort_order" field.
 func (u *GroupUpsertOne) AddSortOrder(v int) *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSortOrder(v)
 	})
 }
 // UpdateSortOrder sets the "sort_order" field to the value that was provided on create.
 func (u *GroupUpsertOne) UpdateSortOrder() *GroupUpsertOne {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSortOrder()
 	})
 }
 // Exec executes the query.
 func (u *GroupUpsertOne) Exec(ctx context.Context) error {
 	if len(u.create.conflict) == 0 {
@@ -2163,6 +2671,118 @@ func (u *GroupUpsertBulk) ClearImagePrice4k() *GroupUpsertBulk {
 	})
 }
 // SetSoraImagePrice360 sets the "sora_image_price_360" field.
 func (u *GroupUpsertBulk) SetSoraImagePrice360(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraImagePrice360(v)
 	})
 }
 // AddSoraImagePrice360 adds v to the "sora_image_price_360" field.
 func (u *GroupUpsertBulk) AddSoraImagePrice360(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraImagePrice360(v)
 	})
 }
 // UpdateSoraImagePrice360 sets the "sora_image_price_360" field to the value that was provided on create.
 func (u *GroupUpsertBulk) UpdateSoraImagePrice360() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraImagePrice360()
 	})
 }
 // ClearSoraImagePrice360 clears the value of the "sora_image_price_360" field.
 func (u *GroupUpsertBulk) ClearSoraImagePrice360() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraImagePrice360()
 	})
 }
 // SetSoraImagePrice540 sets the "sora_image_price_540" field.
 func (u *GroupUpsertBulk) SetSoraImagePrice540(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraImagePrice540(v)
 	})
 }
 // AddSoraImagePrice540 adds v to the "sora_image_price_540" field.
 func (u *GroupUpsertBulk) AddSoraImagePrice540(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraImagePrice540(v)
 	})
 }
 // UpdateSoraImagePrice540 sets the "sora_image_price_540" field to the value that was provided on create.
 func (u *GroupUpsertBulk) UpdateSoraImagePrice540() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraImagePrice540()
 	})
 }
 // ClearSoraImagePrice540 clears the value of the "sora_image_price_540" field.
 func (u *GroupUpsertBulk) ClearSoraImagePrice540() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraImagePrice540()
 	})
 }
 // SetSoraVideoPricePerRequest sets the "sora_video_price_per_request" field.
 func (u *GroupUpsertBulk) SetSoraVideoPricePerRequest(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraVideoPricePerRequest(v)
 	})
 }
 // AddSoraVideoPricePerRequest adds v to the "sora_video_price_per_request" field.
 func (u *GroupUpsertBulk) AddSoraVideoPricePerRequest(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraVideoPricePerRequest(v)
 	})
 }
 // UpdateSoraVideoPricePerRequest sets the "sora_video_price_per_request" field to the value that was provided on create.
 func (u *GroupUpsertBulk) UpdateSoraVideoPricePerRequest() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraVideoPricePerRequest()
 	})
 }
 // ClearSoraVideoPricePerRequest clears the value of the "sora_video_price_per_request" field.
 func (u *GroupUpsertBulk) ClearSoraVideoPricePerRequest() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraVideoPricePerRequest()
 	})
 }
 // SetSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsertBulk) SetSoraVideoPricePerRequestHd(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSoraVideoPricePerRequestHd(v)
 	})
 }
 // AddSoraVideoPricePerRequestHd adds v to the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsertBulk) AddSoraVideoPricePerRequestHd(v float64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSoraVideoPricePerRequestHd(v)
 	})
 }
 // UpdateSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field to the value that was provided on create.
 func (u *GroupUpsertBulk) UpdateSoraVideoPricePerRequestHd() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSoraVideoPricePerRequestHd()
 	})
 }
 // ClearSoraVideoPricePerRequestHd clears the value of the "sora_video_price_per_request_hd" field.
 func (u *GroupUpsertBulk) ClearSoraVideoPricePerRequestHd() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearSoraVideoPricePerRequestHd()
 	})
 }
 // SetClaudeCodeOnly sets the "claude_code_only" field.
 func (u *GroupUpsertBulk) SetClaudeCodeOnly(v bool) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
@@ -2205,6 +2825,34 @@ func (u *GroupUpsertBulk) ClearFallbackGroupID() *GroupUpsertBulk {
 	})
 }
 // SetFallbackGroupIDOnInvalidRequest sets the "fallback_group_id_on_invalid_request" field.
 func (u *GroupUpsertBulk) SetFallbackGroupIDOnInvalidRequest(v int64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetFallbackGroupIDOnInvalidRequest(v)
 	})
 }
 // AddFallbackGroupIDOnInvalidRequest adds v to the "fallback_group_id_on_invalid_request" field.
 func (u *GroupUpsertBulk) AddFallbackGroupIDOnInvalidRequest(v int64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddFallbackGroupIDOnInvalidRequest(v)
 	})
 }
 // UpdateFallbackGroupIDOnInvalidRequest sets the "fallback_group_id_on_invalid_request" field to the value that was provided on create.
 func (u *GroupUpsertBulk) UpdateFallbackGroupIDOnInvalidRequest() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateFallbackGroupIDOnInvalidRequest()
 	})
 }
 // ClearFallbackGroupIDOnInvalidRequest clears the value of the "fallback_group_id_on_invalid_request" field.
 func (u *GroupUpsertBulk) ClearFallbackGroupIDOnInvalidRequest() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.ClearFallbackGroupIDOnInvalidRequest()
 	})
 }
 // SetModelRouting sets the "model_routing" field.
 func (u *GroupUpsertBulk) SetModelRouting(v map[string][]int64) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
@@ -2240,6 +2888,55 @@ func (u *GroupUpsertBulk) UpdateModelRoutingEnabled() *GroupUpsertBulk {
 	})
 }
 // SetMcpXMLInject sets the "mcp_xml_inject" field.
 func (u *GroupUpsertBulk) SetMcpXMLInject(v bool) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetMcpXMLInject(v)
 	})
 }
 // UpdateMcpXMLInject sets the "mcp_xml_inject" field to the value that was provided on create.
 func (u *GroupUpsertBulk) UpdateMcpXMLInject() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateMcpXMLInject()
 	})
 }
 // SetSupportedModelScopes sets the "supported_model_scopes" field.
 func (u *GroupUpsertBulk) SetSupportedModelScopes(v []string) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSupportedModelScopes(v)
 	})
 }
 // UpdateSupportedModelScopes sets the "supported_model_scopes" field to the value that was provided on create.
 func (u *GroupUpsertBulk) UpdateSupportedModelScopes() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSupportedModelScopes()
 	})
 }
 // SetSortOrder sets the "sort_order" field.
 func (u *GroupUpsertBulk) SetSortOrder(v int) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.SetSortOrder(v)
 	})
 }
 // AddSortOrder adds v to the "sort_order" field.
 func (u *GroupUpsertBulk) AddSortOrder(v int) *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.AddSortOrder(v)
 	})
 }
 // UpdateSortOrder sets the "sort_order" field to the value that was provided on create.
 func (u *GroupUpsertBulk) UpdateSortOrder() *GroupUpsertBulk {
 	return u.Update(func(s *GroupUpsert) {
 		s.UpdateSortOrder()
 	})
 }
 // Exec executes the query.
 func (u *GroupUpsertBulk) Exec(ctx context.Context) error {
 	if u.create.err != nil {
--- a/backend/ent/group_update.go
+++ b/backend/ent/group_update.go
@@ -10,6 +10,7 @@ import (
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/dialect/sql/sqljson"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/account"
 	"github.com/Wei-Shaw/sub2api/ent/apikey"
@@ -354,6 +355,114 @@ func (_u *GroupUpdate) ClearImagePrice4k() *GroupUpdate {
 	return _u
 }
 // SetSoraImagePrice360 sets the "sora_image_price_360" field.
 func (_u *GroupUpdate) SetSoraImagePrice360(v float64) *GroupUpdate {
 	_u.mutation.ResetSoraImagePrice360()
 	_u.mutation.SetSoraImagePrice360(v)
 	return _u
 }
 // SetNillableSoraImagePrice360 sets the "sora_image_price_360" field if the given value is not nil.
 func (_u *GroupUpdate) SetNillableSoraImagePrice360(v *float64) *GroupUpdate {
 	if v != nil {
 		_u.SetSoraImagePrice360(*v)
 	}
 	return _u
 }
 // AddSoraImagePrice360 adds value to the "sora_image_price_360" field.
 func (_u *GroupUpdate) AddSoraImagePrice360(v float64) *GroupUpdate {
 	_u.mutation.AddSoraImagePrice360(v)
 	return _u
 }
 // ClearSoraImagePrice360 clears the value of the "sora_image_price_360" field.
 func (_u *GroupUpdate) ClearSoraImagePrice360() *GroupUpdate {
 	_u.mutation.ClearSoraImagePrice360()
 	return _u
 }
 // SetSoraImagePrice540 sets the "sora_image_price_540" field.
 func (_u *GroupUpdate) SetSoraImagePrice540(v float64) *GroupUpdate {
 	_u.mutation.ResetSoraImagePrice540()
 	_u.mutation.SetSoraImagePrice540(v)
 	return _u
 }
 // SetNillableSoraImagePrice540 sets the "sora_image_price_540" field if the given value is not nil.
 func (_u *GroupUpdate) SetNillableSoraImagePrice540(v *float64) *GroupUpdate {
 	if v != nil {
 		_u.SetSoraImagePrice540(*v)
 	}
 	return _u
 }
 // AddSoraImagePrice540 adds value to the "sora_image_price_540" field.
 func (_u *GroupUpdate) AddSoraImagePrice540(v float64) *GroupUpdate {
 	_u.mutation.AddSoraImagePrice540(v)
 	return _u
 }
 // ClearSoraImagePrice540 clears the value of the "sora_image_price_540" field.
 func (_u *GroupUpdate) ClearSoraImagePrice540() *GroupUpdate {
 	_u.mutation.ClearSoraImagePrice540()
 	return _u
 }
 // SetSoraVideoPricePerRequest sets the "sora_video_price_per_request" field.
 func (_u *GroupUpdate) SetSoraVideoPricePerRequest(v float64) *GroupUpdate {
 	_u.mutation.ResetSoraVideoPricePerRequest()
 	_u.mutation.SetSoraVideoPricePerRequest(v)
 	return _u
 }
 // SetNillableSoraVideoPricePerRequest sets the "sora_video_price_per_request" field if the given value is not nil.
 func (_u *GroupUpdate) SetNillableSoraVideoPricePerRequest(v *float64) *GroupUpdate {
 	if v != nil {
 		_u.SetSoraVideoPricePerRequest(*v)
 	}
 	return _u
 }
 // AddSoraVideoPricePerRequest adds value to the "sora_video_price_per_request" field.
 func (_u *GroupUpdate) AddSoraVideoPricePerRequest(v float64) *GroupUpdate {
 	_u.mutation.AddSoraVideoPricePerRequest(v)
 	return _u
 }
 // ClearSoraVideoPricePerRequest clears the value of the "sora_video_price_per_request" field.
 func (_u *GroupUpdate) ClearSoraVideoPricePerRequest() *GroupUpdate {
 	_u.mutation.ClearSoraVideoPricePerRequest()
 	return _u
 }
 // SetSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field.
 func (_u *GroupUpdate) SetSoraVideoPricePerRequestHd(v float64) *GroupUpdate {
 	_u.mutation.ResetSoraVideoPricePerRequestHd()
 	_u.mutation.SetSoraVideoPricePerRequestHd(v)
 	return _u
 }
 // SetNillableSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field if the given value is not nil.
 func (_u *GroupUpdate) SetNillableSoraVideoPricePerRequestHd(v *float64) *GroupUpdate {
 	if v != nil {
 		_u.SetSoraVideoPricePerRequestHd(*v)
 	}
 	return _u
 }
 // AddSoraVideoPricePerRequestHd adds value to the "sora_video_price_per_request_hd" field.
 func (_u *GroupUpdate) AddSoraVideoPricePerRequestHd(v float64) *GroupUpdate {
 	_u.mutation.AddSoraVideoPricePerRequestHd(v)
 	return _u
 }
 // ClearSoraVideoPricePerRequestHd clears the value of the "sora_video_price_per_request_hd" field.
 func (_u *GroupUpdate) ClearSoraVideoPricePerRequestHd() *GroupUpdate {
 	_u.mutation.ClearSoraVideoPricePerRequestHd()
 	return _u
 }
 // SetClaudeCodeOnly sets the "claude_code_only" field.
 func (_u *GroupUpdate) SetClaudeCodeOnly(v bool) *GroupUpdate {
 	_u.mutation.SetClaudeCodeOnly(v)
@@ -395,6 +504,33 @@ func (_u *GroupUpdate) ClearFallbackGroupID() *GroupUpdate {
 	return _u
 }
 // SetFallbackGroupIDOnInvalidRequest sets the "fallback_group_id_on_invalid_request" field.
 func (_u *GroupUpdate) SetFallbackGroupIDOnInvalidRequest(v int64) *GroupUpdate {
 	_u.mutation.ResetFallbackGroupIDOnInvalidRequest()
 	_u.mutation.SetFallbackGroupIDOnInvalidRequest(v)
 	return _u
 }
 // SetNillableFallbackGroupIDOnInvalidRequest sets the "fallback_group_id_on_invalid_request" field if the given value is not nil.
 func (_u *GroupUpdate) SetNillableFallbackGroupIDOnInvalidRequest(v *int64) *GroupUpdate {
 	if v != nil {
 		_u.SetFallbackGroupIDOnInvalidRequest(*v)
 	}
 	return _u
 }
 // AddFallbackGroupIDOnInvalidRequest adds value to the "fallback_group_id_on_invalid_request" field.
 func (_u *GroupUpdate) AddFallbackGroupIDOnInvalidRequest(v int64) *GroupUpdate {
 	_u.mutation.AddFallbackGroupIDOnInvalidRequest(v)
 	return _u
 }
 // ClearFallbackGroupIDOnInvalidRequest clears the value of the "fallback_group_id_on_invalid_request" field.
 func (_u *GroupUpdate) ClearFallbackGroupIDOnInvalidRequest() *GroupUpdate {
 	_u.mutation.ClearFallbackGroupIDOnInvalidRequest()
 	return _u
 }
 // SetModelRouting sets the "model_routing" field.
 func (_u *GroupUpdate) SetModelRouting(v map[string][]int64) *GroupUpdate {
 	_u.mutation.SetModelRouting(v)
@@ -421,6 +557,53 @@ func (_u *GroupUpdate) SetNillableModelRoutingEnabled(v *bool) *GroupUpdate {
 	return _u
 }
 // SetMcpXMLInject sets the "mcp_xml_inject" field.
 func (_u *GroupUpdate) SetMcpXMLInject(v bool) *GroupUpdate {
 	_u.mutation.SetMcpXMLInject(v)
 	return _u
 }
 // SetNillableMcpXMLInject sets the "mcp_xml_inject" field if the given value is not nil.
 func (_u *GroupUpdate) SetNillableMcpXMLInject(v *bool) *GroupUpdate {
 	if v != nil {
 		_u.SetMcpXMLInject(*v)
 	}
 	return _u
 }
 // SetSupportedModelScopes sets the "supported_model_scopes" field.
 func (_u *GroupUpdate) SetSupportedModelScopes(v []string) *GroupUpdate {
 	_u.mutation.SetSupportedModelScopes(v)
 	return _u
 }
 // AppendSupportedModelScopes appends value to the "supported_model_scopes" field.
 func (_u *GroupUpdate) AppendSupportedModelScopes(v []string) *GroupUpdate {
 	_u.mutation.AppendSupportedModelScopes(v)
 	return _u
 }
 // SetSortOrder sets the "sort_order" field.
 func (_u *GroupUpdate) SetSortOrder(v int) *GroupUpdate {
 	_u.mutation.ResetSortOrder()
 	_u.mutation.SetSortOrder(v)
 	return _u
 }
 // SetNillableSortOrder sets the "sort_order" field if the given value is not nil.
 func (_u *GroupUpdate) SetNillableSortOrder(v *int) *GroupUpdate {
 	if v != nil {
 		_u.SetSortOrder(*v)
 	}
 	return _u
 }
 // AddSortOrder adds value to the "sort_order" field.
 func (_u *GroupUpdate) AddSortOrder(v int) *GroupUpdate {
 	_u.mutation.AddSortOrder(v)
 	return _u
 }
 // AddAPIKeyIDs adds the "api_keys" edge to the APIKey entity by IDs.
 func (_u *GroupUpdate) AddAPIKeyIDs(ids ...int64) *GroupUpdate {
 	_u.mutation.AddAPIKeyIDs(ids...)
@@ -817,6 +1000,42 @@ func (_u *GroupUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	if _u.mutation.ImagePrice4kCleared() {
 		_spec.ClearField(group.FieldImagePrice4k, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraImagePrice360(); ok {
 		_spec.SetField(group.FieldSoraImagePrice360, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraImagePrice360(); ok {
 		_spec.AddField(group.FieldSoraImagePrice360, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraImagePrice360Cleared() {
 		_spec.ClearField(group.FieldSoraImagePrice360, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraImagePrice540(); ok {
 		_spec.SetField(group.FieldSoraImagePrice540, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraImagePrice540(); ok {
 		_spec.AddField(group.FieldSoraImagePrice540, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraImagePrice540Cleared() {
 		_spec.ClearField(group.FieldSoraImagePrice540, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraVideoPricePerRequest(); ok {
 		_spec.SetField(group.FieldSoraVideoPricePerRequest, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraVideoPricePerRequest(); ok {
 		_spec.AddField(group.FieldSoraVideoPricePerRequest, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraVideoPricePerRequestCleared() {
 		_spec.ClearField(group.FieldSoraVideoPricePerRequest, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraVideoPricePerRequestHd(); ok {
 		_spec.SetField(group.FieldSoraVideoPricePerRequestHd, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraVideoPricePerRequestHd(); ok {
 		_spec.AddField(group.FieldSoraVideoPricePerRequestHd, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraVideoPricePerRequestHdCleared() {
 		_spec.ClearField(group.FieldSoraVideoPricePerRequestHd, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.ClaudeCodeOnly(); ok {
 		_spec.SetField(group.FieldClaudeCodeOnly, field.TypeBool, value)
 	}
@@ -829,6 +1048,15 @@ func (_u *GroupUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	if _u.mutation.FallbackGroupIDCleared() {
 		_spec.ClearField(group.FieldFallbackGroupID, field.TypeInt64)
 	}
 	if value, ok := _u.mutation.FallbackGroupIDOnInvalidRequest(); ok {
 		_spec.SetField(group.FieldFallbackGroupIDOnInvalidRequest, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.AddedFallbackGroupIDOnInvalidRequest(); ok {
 		_spec.AddField(group.FieldFallbackGroupIDOnInvalidRequest, field.TypeInt64, value)
 	}
 	if _u.mutation.FallbackGroupIDOnInvalidRequestCleared() {
 		_spec.ClearField(group.FieldFallbackGroupIDOnInvalidRequest, field.TypeInt64)
 	}
 	if value, ok := _u.mutation.ModelRouting(); ok {
 		_spec.SetField(group.FieldModelRouting, field.TypeJSON, value)
 	}
@@ -838,6 +1066,23 @@ func (_u *GroupUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	if value, ok := _u.mutation.ModelRoutingEnabled(); ok {
 		_spec.SetField(group.FieldModelRoutingEnabled, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.McpXMLInject(); ok {
 		_spec.SetField(group.FieldMcpXMLInject, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.SupportedModelScopes(); ok {
 		_spec.SetField(group.FieldSupportedModelScopes, field.TypeJSON, value)
 	}
 	if value, ok := _u.mutation.AppendedSupportedModelScopes(); ok {
 		_spec.AddModifier(func(u *sql.UpdateBuilder) {
 			sqljson.Append(u, group.FieldSupportedModelScopes, value)
 		})
 	}
 	if value, ok := _u.mutation.SortOrder(); ok {
 		_spec.SetField(group.FieldSortOrder, field.TypeInt, value)
 	}
 	if value, ok := _u.mutation.AddedSortOrder(); ok {
 		_spec.AddField(group.FieldSortOrder, field.TypeInt, value)
 	}
 	if _u.mutation.APIKeysCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
@@ -1472,6 +1717,114 @@ func (_u *GroupUpdateOne) ClearImagePrice4k() *GroupUpdateOne {
 	return _u
 }
 // SetSoraImagePrice360 sets the "sora_image_price_360" field.
 func (_u *GroupUpdateOne) SetSoraImagePrice360(v float64) *GroupUpdateOne {
 	_u.mutation.ResetSoraImagePrice360()
 	_u.mutation.SetSoraImagePrice360(v)
 	return _u
 }
 // SetNillableSoraImagePrice360 sets the "sora_image_price_360" field if the given value is not nil.
 func (_u *GroupUpdateOne) SetNillableSoraImagePrice360(v *float64) *GroupUpdateOne {
 	if v != nil {
 		_u.SetSoraImagePrice360(*v)
 	}
 	return _u
 }
 // AddSoraImagePrice360 adds value to the "sora_image_price_360" field.
 func (_u *GroupUpdateOne) AddSoraImagePrice360(v float64) *GroupUpdateOne {
 	_u.mutation.AddSoraImagePrice360(v)
 	return _u
 }
 // ClearSoraImagePrice360 clears the value of the "sora_image_price_360" field.
 func (_u *GroupUpdateOne) ClearSoraImagePrice360() *GroupUpdateOne {
 	_u.mutation.ClearSoraImagePrice360()
 	return _u
 }
 // SetSoraImagePrice540 sets the "sora_image_price_540" field.
 func (_u *GroupUpdateOne) SetSoraImagePrice540(v float64) *GroupUpdateOne {
 	_u.mutation.ResetSoraImagePrice540()
 	_u.mutation.SetSoraImagePrice540(v)
 	return _u
 }
 // SetNillableSoraImagePrice540 sets the "sora_image_price_540" field if the given value is not nil.
 func (_u *GroupUpdateOne) SetNillableSoraImagePrice540(v *float64) *GroupUpdateOne {
 	if v != nil {
 		_u.SetSoraImagePrice540(*v)
 	}
 	return _u
 }
 // AddSoraImagePrice540 adds value to the "sora_image_price_540" field.
 func (_u *GroupUpdateOne) AddSoraImagePrice540(v float64) *GroupUpdateOne {
 	_u.mutation.AddSoraImagePrice540(v)
 	return _u
 }
 // ClearSoraImagePrice540 clears the value of the "sora_image_price_540" field.
 func (_u *GroupUpdateOne) ClearSoraImagePrice540() *GroupUpdateOne {
 	_u.mutation.ClearSoraImagePrice540()
 	return _u
 }
 // SetSoraVideoPricePerRequest sets the "sora_video_price_per_request" field.
 func (_u *GroupUpdateOne) SetSoraVideoPricePerRequest(v float64) *GroupUpdateOne {
 	_u.mutation.ResetSoraVideoPricePerRequest()
 	_u.mutation.SetSoraVideoPricePerRequest(v)
 	return _u
 }
 // SetNillableSoraVideoPricePerRequest sets the "sora_video_price_per_request" field if the given value is not nil.
 func (_u *GroupUpdateOne) SetNillableSoraVideoPricePerRequest(v *float64) *GroupUpdateOne {
 	if v != nil {
 		_u.SetSoraVideoPricePerRequest(*v)
 	}
 	return _u
 }
 // AddSoraVideoPricePerRequest adds value to the "sora_video_price_per_request" field.
 func (_u *GroupUpdateOne) AddSoraVideoPricePerRequest(v float64) *GroupUpdateOne {
 	_u.mutation.AddSoraVideoPricePerRequest(v)
 	return _u
 }
 // ClearSoraVideoPricePerRequest clears the value of the "sora_video_price_per_request" field.
 func (_u *GroupUpdateOne) ClearSoraVideoPricePerRequest() *GroupUpdateOne {
 	_u.mutation.ClearSoraVideoPricePerRequest()
 	return _u
 }
 // SetSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field.
 func (_u *GroupUpdateOne) SetSoraVideoPricePerRequestHd(v float64) *GroupUpdateOne {
 	_u.mutation.ResetSoraVideoPricePerRequestHd()
 	_u.mutation.SetSoraVideoPricePerRequestHd(v)
 	return _u
 }
 // SetNillableSoraVideoPricePerRequestHd sets the "sora_video_price_per_request_hd" field if the given value is not nil.
 func (_u *GroupUpdateOne) SetNillableSoraVideoPricePerRequestHd(v *float64) *GroupUpdateOne {
 	if v != nil {
 		_u.SetSoraVideoPricePerRequestHd(*v)
 	}
 	return _u
 }
 // AddSoraVideoPricePerRequestHd adds value to the "sora_video_price_per_request_hd" field.
 func (_u *GroupUpdateOne) AddSoraVideoPricePerRequestHd(v float64) *GroupUpdateOne {
 	_u.mutation.AddSoraVideoPricePerRequestHd(v)
 	return _u
 }
 // ClearSoraVideoPricePerRequestHd clears the value of the "sora_video_price_per_request_hd" field.
 func (_u *GroupUpdateOne) ClearSoraVideoPricePerRequestHd() *GroupUpdateOne {
 	_u.mutation.ClearSoraVideoPricePerRequestHd()
 	return _u
 }
 // SetClaudeCodeOnly sets the "claude_code_only" field.
 func (_u *GroupUpdateOne) SetClaudeCodeOnly(v bool) *GroupUpdateOne {
 	_u.mutation.SetClaudeCodeOnly(v)
@@ -1513,6 +1866,33 @@ func (_u *GroupUpdateOne) ClearFallbackGroupID() *GroupUpdateOne {
 	return _u
 }
 // SetFallbackGroupIDOnInvalidRequest sets the "fallback_group_id_on_invalid_request" field.
 func (_u *GroupUpdateOne) SetFallbackGroupIDOnInvalidRequest(v int64) *GroupUpdateOne {
 	_u.mutation.ResetFallbackGroupIDOnInvalidRequest()
 	_u.mutation.SetFallbackGroupIDOnInvalidRequest(v)
 	return _u
 }
 // SetNillableFallbackGroupIDOnInvalidRequest sets the "fallback_group_id_on_invalid_request" field if the given value is not nil.
 func (_u *GroupUpdateOne) SetNillableFallbackGroupIDOnInvalidRequest(v *int64) *GroupUpdateOne {
 	if v != nil {
 		_u.SetFallbackGroupIDOnInvalidRequest(*v)
 	}
 	return _u
 }
 // AddFallbackGroupIDOnInvalidRequest adds value to the "fallback_group_id_on_invalid_request" field.
 func (_u *GroupUpdateOne) AddFallbackGroupIDOnInvalidRequest(v int64) *GroupUpdateOne {
 	_u.mutation.AddFallbackGroupIDOnInvalidRequest(v)
 	return _u
 }
 // ClearFallbackGroupIDOnInvalidRequest clears the value of the "fallback_group_id_on_invalid_request" field.
 func (_u *GroupUpdateOne) ClearFallbackGroupIDOnInvalidRequest() *GroupUpdateOne {
 	_u.mutation.ClearFallbackGroupIDOnInvalidRequest()
 	return _u
 }
 // SetModelRouting sets the "model_routing" field.
 func (_u *GroupUpdateOne) SetModelRouting(v map[string][]int64) *GroupUpdateOne {
 	_u.mutation.SetModelRouting(v)
@@ -1539,6 +1919,53 @@ func (_u *GroupUpdateOne) SetNillableModelRoutingEnabled(v *bool) *GroupUpdateOn
 	return _u
 }
 // SetMcpXMLInject sets the "mcp_xml_inject" field.
 func (_u *GroupUpdateOne) SetMcpXMLInject(v bool) *GroupUpdateOne {
 	_u.mutation.SetMcpXMLInject(v)
 	return _u
 }
 // SetNillableMcpXMLInject sets the "mcp_xml_inject" field if the given value is not nil.
 func (_u *GroupUpdateOne) SetNillableMcpXMLInject(v *bool) *GroupUpdateOne {
 	if v != nil {
 		_u.SetMcpXMLInject(*v)
 	}
 	return _u
 }
 // SetSupportedModelScopes sets the "supported_model_scopes" field.
 func (_u *GroupUpdateOne) SetSupportedModelScopes(v []string) *GroupUpdateOne {
 	_u.mutation.SetSupportedModelScopes(v)
 	return _u
 }
 // AppendSupportedModelScopes appends value to the "supported_model_scopes" field.
 func (_u *GroupUpdateOne) AppendSupportedModelScopes(v []string) *GroupUpdateOne {
 	_u.mutation.AppendSupportedModelScopes(v)
 	return _u
 }
 // SetSortOrder sets the "sort_order" field.
 func (_u *GroupUpdateOne) SetSortOrder(v int) *GroupUpdateOne {
 	_u.mutation.ResetSortOrder()
 	_u.mutation.SetSortOrder(v)
 	return _u
 }
 // SetNillableSortOrder sets the "sort_order" field if the given value is not nil.
 func (_u *GroupUpdateOne) SetNillableSortOrder(v *int) *GroupUpdateOne {
 	if v != nil {
 		_u.SetSortOrder(*v)
 	}
 	return _u
 }
 // AddSortOrder adds value to the "sort_order" field.
 func (_u *GroupUpdateOne) AddSortOrder(v int) *GroupUpdateOne {
 	_u.mutation.AddSortOrder(v)
 	return _u
 }
 // AddAPIKeyIDs adds the "api_keys" edge to the APIKey entity by IDs.
 func (_u *GroupUpdateOne) AddAPIKeyIDs(ids ...int64) *GroupUpdateOne {
 	_u.mutation.AddAPIKeyIDs(ids...)
@@ -1965,6 +2392,42 @@ func (_u *GroupUpdateOne) sqlSave(ctx context.Context) (_node *Group, err error)
 	if _u.mutation.ImagePrice4kCleared() {
 		_spec.ClearField(group.FieldImagePrice4k, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraImagePrice360(); ok {
 		_spec.SetField(group.FieldSoraImagePrice360, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraImagePrice360(); ok {
 		_spec.AddField(group.FieldSoraImagePrice360, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraImagePrice360Cleared() {
 		_spec.ClearField(group.FieldSoraImagePrice360, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraImagePrice540(); ok {
 		_spec.SetField(group.FieldSoraImagePrice540, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraImagePrice540(); ok {
 		_spec.AddField(group.FieldSoraImagePrice540, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraImagePrice540Cleared() {
 		_spec.ClearField(group.FieldSoraImagePrice540, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraVideoPricePerRequest(); ok {
 		_spec.SetField(group.FieldSoraVideoPricePerRequest, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraVideoPricePerRequest(); ok {
 		_spec.AddField(group.FieldSoraVideoPricePerRequest, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraVideoPricePerRequestCleared() {
 		_spec.ClearField(group.FieldSoraVideoPricePerRequest, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.SoraVideoPricePerRequestHd(); ok {
 		_spec.SetField(group.FieldSoraVideoPricePerRequestHd, field.TypeFloat64, value)
 	}
 	if value, ok := _u.mutation.AddedSoraVideoPricePerRequestHd(); ok {
 		_spec.AddField(group.FieldSoraVideoPricePerRequestHd, field.TypeFloat64, value)
 	}
 	if _u.mutation.SoraVideoPricePerRequestHdCleared() {
 		_spec.ClearField(group.FieldSoraVideoPricePerRequestHd, field.TypeFloat64)
 	}
 	if value, ok := _u.mutation.ClaudeCodeOnly(); ok {
 		_spec.SetField(group.FieldClaudeCodeOnly, field.TypeBool, value)
 	}
@@ -1977,6 +2440,15 @@ func (_u *GroupUpdateOne) sqlSave(ctx context.Context) (_node *Group, err error)
 	if _u.mutation.FallbackGroupIDCleared() {
 		_spec.ClearField(group.FieldFallbackGroupID, field.TypeInt64)
 	}
 	if value, ok := _u.mutation.FallbackGroupIDOnInvalidRequest(); ok {
 		_spec.SetField(group.FieldFallbackGroupIDOnInvalidRequest, field.TypeInt64, value)
 	}
 	if value, ok := _u.mutation.AddedFallbackGroupIDOnInvalidRequest(); ok {
 		_spec.AddField(group.FieldFallbackGroupIDOnInvalidRequest, field.TypeInt64, value)
 	}
 	if _u.mutation.FallbackGroupIDOnInvalidRequestCleared() {
 		_spec.ClearField(group.FieldFallbackGroupIDOnInvalidRequest, field.TypeInt64)
 	}
 	if value, ok := _u.mutation.ModelRouting(); ok {
 		_spec.SetField(group.FieldModelRouting, field.TypeJSON, value)
 	}
@@ -1986,6 +2458,23 @@ func (_u *GroupUpdateOne) sqlSave(ctx context.Context) (_node *Group, err error)
 	if value, ok := _u.mutation.ModelRoutingEnabled(); ok {
 		_spec.SetField(group.FieldModelRoutingEnabled, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.McpXMLInject(); ok {
 		_spec.SetField(group.FieldMcpXMLInject, field.TypeBool, value)
 	}
 	if value, ok := _u.mutation.SupportedModelScopes(); ok {
 		_spec.SetField(group.FieldSupportedModelScopes, field.TypeJSON, value)
 	}
 	if value, ok := _u.mutation.AppendedSupportedModelScopes(); ok {
 		_spec.AddModifier(func(u *sql.UpdateBuilder) {
 			sqljson.Append(u, group.FieldSupportedModelScopes, value)
 		})
 	}
 	if value, ok := _u.mutation.SortOrder(); ok {
 		_spec.SetField(group.FieldSortOrder, field.TypeInt, value)
 	}
 	if value, ok := _u.mutation.AddedSortOrder(); ok {
 		_spec.AddField(group.FieldSortOrder, field.TypeInt, value)
 	}
 	if _u.mutation.APIKeysCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
--- a/backend/ent/hook/hook.go
+++ b/backend/ent/hook/hook.go
@@ -45,6 +45,42 @@ func (f AccountGroupFunc) Mutate(ctx context.Context, m ent.Mutation) (ent.Value
 	return nil, fmt.Errorf("unexpected mutation type %T. expect *ent.AccountGroupMutation", m)
 }
 // The AnnouncementFunc type is an adapter to allow the use of ordinary
 // function as Announcement mutator.
 type AnnouncementFunc func(context.Context, *ent.AnnouncementMutation) (ent.Value, error)
 // Mutate calls f(ctx, m).
 func (f AnnouncementFunc) Mutate(ctx context.Context, m ent.Mutation) (ent.Value, error) {
 	if mv, ok := m.(*ent.AnnouncementMutation); ok {
 		return f(ctx, mv)
 	}
 	return nil, fmt.Errorf("unexpected mutation type %T. expect *ent.AnnouncementMutation", m)
 }
 // The AnnouncementReadFunc type is an adapter to allow the use of ordinary
 // function as AnnouncementRead mutator.
 type AnnouncementReadFunc func(context.Context, *ent.AnnouncementReadMutation) (ent.Value, error)
 // Mutate calls f(ctx, m).
 func (f AnnouncementReadFunc) Mutate(ctx context.Context, m ent.Mutation) (ent.Value, error) {
 	if mv, ok := m.(*ent.AnnouncementReadMutation); ok {
 		return f(ctx, mv)
 	}
 	return nil, fmt.Errorf("unexpected mutation type %T. expect *ent.AnnouncementReadMutation", m)
 }
 // The ErrorPassthroughRuleFunc type is an adapter to allow the use of ordinary
 // function as ErrorPassthroughRule mutator.
 type ErrorPassthroughRuleFunc func(context.Context, *ent.ErrorPassthroughRuleMutation) (ent.Value, error)
 // Mutate calls f(ctx, m).
 func (f ErrorPassthroughRuleFunc) Mutate(ctx context.Context, m ent.Mutation) (ent.Value, error) {
 	if mv, ok := m.(*ent.ErrorPassthroughRuleMutation); ok {
 		return f(ctx, mv)
 	}
 	return nil, fmt.Errorf("unexpected mutation type %T. expect *ent.ErrorPassthroughRuleMutation", m)
 }
 // The GroupFunc type is an adapter to allow the use of ordinary
 // function as Group mutator.
 type GroupFunc func(context.Context, *ent.GroupMutation) (ent.Value, error)
@@ -105,6 +141,18 @@ func (f RedeemCodeFunc) Mutate(ctx context.Context, m ent.Mutation) (ent.Value,
 	return nil, fmt.Errorf("unexpected mutation type %T. expect *ent.RedeemCodeMutation", m)
 }
 // The SecuritySecretFunc type is an adapter to allow the use of ordinary
 // function as SecuritySecret mutator.
 type SecuritySecretFunc func(context.Context, *ent.SecuritySecretMutation) (ent.Value, error)
 // Mutate calls f(ctx, m).
 func (f SecuritySecretFunc) Mutate(ctx context.Context, m ent.Mutation) (ent.Value, error) {
 	if mv, ok := m.(*ent.SecuritySecretMutation); ok {
 		return f(ctx, mv)
 	}
 	return nil, fmt.Errorf("unexpected mutation type %T. expect *ent.SecuritySecretMutation", m)
 }
 // The SettingFunc type is an adapter to allow the use of ordinary
 // function as Setting mutator.
 type SettingFunc func(context.Context, *ent.SettingMutation) (ent.Value, error)
--- a/backend/ent/intercept/intercept.go
+++ b/backend/ent/intercept/intercept.go
@@ -10,13 +10,17 @@ import (
 	"github.com/Wei-Shaw/sub2api/ent"
 	"github.com/Wei-Shaw/sub2api/ent/account"
 	"github.com/Wei-Shaw/sub2api/ent/accountgroup"
 	"github.com/Wei-Shaw/sub2api/ent/announcement"
 	"github.com/Wei-Shaw/sub2api/ent/announcementread"
 	"github.com/Wei-Shaw/sub2api/ent/apikey"
 	"github.com/Wei-Shaw/sub2api/ent/errorpassthroughrule"
 	"github.com/Wei-Shaw/sub2api/ent/group"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 	"github.com/Wei-Shaw/sub2api/ent/promocode"
 	"github.com/Wei-Shaw/sub2api/ent/promocodeusage"
 	"github.com/Wei-Shaw/sub2api/ent/proxy"
 	"github.com/Wei-Shaw/sub2api/ent/redeemcode"
 	"github.com/Wei-Shaw/sub2api/ent/securitysecret"
 	"github.com/Wei-Shaw/sub2api/ent/setting"
 	"github.com/Wei-Shaw/sub2api/ent/usagecleanuptask"
 	"github.com/Wei-Shaw/sub2api/ent/usagelog"
@@ -164,6 +168,87 @@ func (f TraverseAccountGroup) Traverse(ctx context.Context, q ent.Query) error {
 	return fmt.Errorf("unexpected query type %T. expect *ent.AccountGroupQuery", q)
 }
 // The AnnouncementFunc type is an adapter to allow the use of ordinary function as a Querier.
 type AnnouncementFunc func(context.Context, *ent.AnnouncementQuery) (ent.Value, error)
 // Query calls f(ctx, q).
 func (f AnnouncementFunc) Query(ctx context.Context, q ent.Query) (ent.Value, error) {
 	if q, ok := q.(*ent.AnnouncementQuery); ok {
 		return f(ctx, q)
 	}
 	return nil, fmt.Errorf("unexpected query type %T. expect *ent.AnnouncementQuery", q)
 }
 // The TraverseAnnouncement type is an adapter to allow the use of ordinary function as Traverser.
 type TraverseAnnouncement func(context.Context, *ent.AnnouncementQuery) error
 // Intercept is a dummy implementation of Intercept that returns the next Querier in the pipeline.
 func (f TraverseAnnouncement) Intercept(next ent.Querier) ent.Querier {
 	return next
 }
 // Traverse calls f(ctx, q).
 func (f TraverseAnnouncement) Traverse(ctx context.Context, q ent.Query) error {
 	if q, ok := q.(*ent.AnnouncementQuery); ok {
 		return f(ctx, q)
 	}
 	return fmt.Errorf("unexpected query type %T. expect *ent.AnnouncementQuery", q)
 }
 // The AnnouncementReadFunc type is an adapter to allow the use of ordinary function as a Querier.
 type AnnouncementReadFunc func(context.Context, *ent.AnnouncementReadQuery) (ent.Value, error)
 // Query calls f(ctx, q).
 func (f AnnouncementReadFunc) Query(ctx context.Context, q ent.Query) (ent.Value, error) {
 	if q, ok := q.(*ent.AnnouncementReadQuery); ok {
 		return f(ctx, q)
 	}
 	return nil, fmt.Errorf("unexpected query type %T. expect *ent.AnnouncementReadQuery", q)
 }
 // The TraverseAnnouncementRead type is an adapter to allow the use of ordinary function as Traverser.
 type TraverseAnnouncementRead func(context.Context, *ent.AnnouncementReadQuery) error
 // Intercept is a dummy implementation of Intercept that returns the next Querier in the pipeline.
 func (f TraverseAnnouncementRead) Intercept(next ent.Querier) ent.Querier {
 	return next
 }
 // Traverse calls f(ctx, q).
 func (f TraverseAnnouncementRead) Traverse(ctx context.Context, q ent.Query) error {
 	if q, ok := q.(*ent.AnnouncementReadQuery); ok {
 		return f(ctx, q)
 	}
 	return fmt.Errorf("unexpected query type %T. expect *ent.AnnouncementReadQuery", q)
 }
 // The ErrorPassthroughRuleFunc type is an adapter to allow the use of ordinary function as a Querier.
 type ErrorPassthroughRuleFunc func(context.Context, *ent.ErrorPassthroughRuleQuery) (ent.Value, error)
 // Query calls f(ctx, q).
 func (f ErrorPassthroughRuleFunc) Query(ctx context.Context, q ent.Query) (ent.Value, error) {
 	if q, ok := q.(*ent.ErrorPassthroughRuleQuery); ok {
 		return f(ctx, q)
 	}
 	return nil, fmt.Errorf("unexpected query type %T. expect *ent.ErrorPassthroughRuleQuery", q)
 }
 // The TraverseErrorPassthroughRule type is an adapter to allow the use of ordinary function as Traverser.
 type TraverseErrorPassthroughRule func(context.Context, *ent.ErrorPassthroughRuleQuery) error
 // Intercept is a dummy implementation of Intercept that returns the next Querier in the pipeline.
 func (f TraverseErrorPassthroughRule) Intercept(next ent.Querier) ent.Querier {
 	return next
 }
 // Traverse calls f(ctx, q).
 func (f TraverseErrorPassthroughRule) Traverse(ctx context.Context, q ent.Query) error {
 	if q, ok := q.(*ent.ErrorPassthroughRuleQuery); ok {
 		return f(ctx, q)
 	}
 	return fmt.Errorf("unexpected query type %T. expect *ent.ErrorPassthroughRuleQuery", q)
 }
 // The GroupFunc type is an adapter to allow the use of ordinary function as a Querier.
 type GroupFunc func(context.Context, *ent.GroupQuery) (ent.Value, error)
@@ -299,6 +384,33 @@ func (f TraverseRedeemCode) Traverse(ctx context.Context, q ent.Query) error {
 	return fmt.Errorf("unexpected query type %T. expect *ent.RedeemCodeQuery", q)
 }
 // The SecuritySecretFunc type is an adapter to allow the use of ordinary function as a Querier.
 type SecuritySecretFunc func(context.Context, *ent.SecuritySecretQuery) (ent.Value, error)
 // Query calls f(ctx, q).
 func (f SecuritySecretFunc) Query(ctx context.Context, q ent.Query) (ent.Value, error) {
 	if q, ok := q.(*ent.SecuritySecretQuery); ok {
 		return f(ctx, q)
 	}
 	return nil, fmt.Errorf("unexpected query type %T. expect *ent.SecuritySecretQuery", q)
 }
 // The TraverseSecuritySecret type is an adapter to allow the use of ordinary function as Traverser.
 type TraverseSecuritySecret func(context.Context, *ent.SecuritySecretQuery) error
 // Intercept is a dummy implementation of Intercept that returns the next Querier in the pipeline.
 func (f TraverseSecuritySecret) Intercept(next ent.Querier) ent.Querier {
 	return next
 }
 // Traverse calls f(ctx, q).
 func (f TraverseSecuritySecret) Traverse(ctx context.Context, q ent.Query) error {
 	if q, ok := q.(*ent.SecuritySecretQuery); ok {
 		return f(ctx, q)
 	}
 	return fmt.Errorf("unexpected query type %T. expect *ent.SecuritySecretQuery", q)
 }
 // The SettingFunc type is an adapter to allow the use of ordinary function as a Querier.
 type SettingFunc func(context.Context, *ent.SettingQuery) (ent.Value, error)
@@ -524,6 +636,12 @@ func NewQuery(q ent.Query) (Query, error) {
 		return &query[*ent.AccountQuery, predicate.Account, account.OrderOption]{typ: ent.TypeAccount, tq: q}, nil
 	case *ent.AccountGroupQuery:
 		return &query[*ent.AccountGroupQuery, predicate.AccountGroup, accountgroup.OrderOption]{typ: ent.TypeAccountGroup, tq: q}, nil
 	case *ent.AnnouncementQuery:
 		return &query[*ent.AnnouncementQuery, predicate.Announcement, announcement.OrderOption]{typ: ent.TypeAnnouncement, tq: q}, nil
 	case *ent.AnnouncementReadQuery:
 		return &query[*ent.AnnouncementReadQuery, predicate.AnnouncementRead, announcementread.OrderOption]{typ: ent.TypeAnnouncementRead, tq: q}, nil
 	case *ent.ErrorPassthroughRuleQuery:
 		return &query[*ent.ErrorPassthroughRuleQuery, predicate.ErrorPassthroughRule, errorpassthroughrule.OrderOption]{typ: ent.TypeErrorPassthroughRule, tq: q}, nil
 	case *ent.GroupQuery:
 		return &query[*ent.GroupQuery, predicate.Group, group.OrderOption]{typ: ent.TypeGroup, tq: q}, nil
 	case *ent.PromoCodeQuery:
@@ -534,6 +652,8 @@ func NewQuery(q ent.Query) (Query, error) {
 		return &query[*ent.ProxyQuery, predicate.Proxy, proxy.OrderOption]{typ: ent.TypeProxy, tq: q}, nil
 	case *ent.RedeemCodeQuery:
 		return &query[*ent.RedeemCodeQuery, predicate.RedeemCode, redeemcode.OrderOption]{typ: ent.TypeRedeemCode, tq: q}, nil
 	case *ent.SecuritySecretQuery:
 		return &query[*ent.SecuritySecretQuery, predicate.SecuritySecret, securitysecret.OrderOption]{typ: ent.TypeSecuritySecret, tq: q}, nil
 	case *ent.SettingQuery:
 		return &query[*ent.SettingQuery, predicate.Setting, setting.OrderOption]{typ: ent.TypeSetting, tq: q}, nil
 	case *ent.UsageCleanupTaskQuery:
--- a/backend/ent/migrate/schema.go
+++ b/backend/ent/migrate/schema.go
@@ -18,8 +18,12 @@ var (
 		{Name: "key", Type: field.TypeString, Unique: true, Size: 128},
 		{Name: "name", Type: field.TypeString, Size: 100},
 		{Name: "status", Type: field.TypeString, Size: 20, Default: "active"},
 		{Name: "last_used_at", Type: field.TypeTime, Nullable: true},
 		{Name: "ip_whitelist", Type: field.TypeJSON, Nullable: true},
 		{Name: "ip_blacklist", Type: field.TypeJSON, Nullable: true},
 		{Name: "quota", Type: field.TypeFloat64, Default: 0, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "quota_used", Type: field.TypeFloat64, Default: 0, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "expires_at", Type: field.TypeTime, Nullable: true},
 		{Name: "group_id", Type: field.TypeInt64, Nullable: true},
 		{Name: "user_id", Type: field.TypeInt64},
 	}
@@ -31,13 +35,13 @@ var (
 		ForeignKeys: []*schema.ForeignKey{
 			{
 				Symbol:     "api_keys_groups_api_keys",
-				Columns:    []*schema.Column{APIKeysColumns[9]},
+				Columns:    []*schema.Column{APIKeysColumns[13]},
 				RefColumns: []*schema.Column{GroupsColumns[0]},
 				OnDelete:   schema.SetNull,
 			},
 			{
 				Symbol:     "api_keys_users_api_keys",
-				Columns:    []*schema.Column{APIKeysColumns[10]},
+				Columns:    []*schema.Column{APIKeysColumns[14]},
 				RefColumns: []*schema.Column{UsersColumns[0]},
 				OnDelete:   schema.NoAction,
 			},
@@ -46,12 +50,12 @@ var (
 			{
 				Name:    "apikey_user_id",
 				Unique:  false,
-				Columns: []*schema.Column{APIKeysColumns[10]},
+				Columns: []*schema.Column{APIKeysColumns[14]},
 			},
 			{
 				Name:    "apikey_group_id",
 				Unique:  false,
-				Columns: []*schema.Column{APIKeysColumns[9]},
+				Columns: []*schema.Column{APIKeysColumns[13]},
 			},
 			{
 				Name:    "apikey_status",
@@ -63,6 +67,21 @@ var (
 				Unique:  false,
 				Columns: []*schema.Column{APIKeysColumns[3]},
 			},
 			{
 				Name:    "apikey_last_used_at",
 				Unique:  false,
 				Columns: []*schema.Column{APIKeysColumns[7]},
 			},
 			{
 				Name:    "apikey_quota_quota_used",
 				Unique:  false,
 				Columns: []*schema.Column{APIKeysColumns[10], APIKeysColumns[11]},
 			},
 			{
 				Name:    "apikey_expires_at",
 				Unique:  false,
 				Columns: []*schema.Column{APIKeysColumns[12]},
 			},
 		},
 	}
 	// AccountsColumns holds the columns for the "accounts" table.
@@ -204,6 +223,135 @@ var (
 			},
 		},
 	}
 	// AnnouncementsColumns holds the columns for the "announcements" table.
 	AnnouncementsColumns = []*schema.Column{
 		{Name: "id", Type: field.TypeInt64, Increment: true},
 		{Name: "title", Type: field.TypeString, Size: 200},
 		{Name: "content", Type: field.TypeString, SchemaType: map[string]string{"postgres": "text"}},
 		{Name: "status", Type: field.TypeString, Size: 20, Default: "draft"},
 		{Name: "targeting", Type: field.TypeJSON, Nullable: true, SchemaType: map[string]string{"postgres": "jsonb"}},
 		{Name: "starts_at", Type: field.TypeTime, Nullable: true, SchemaType: map[string]string{"postgres": "timestamptz"}},
 		{Name: "ends_at", Type: field.TypeTime, Nullable: true, SchemaType: map[string]string{"postgres": "timestamptz"}},
 		{Name: "created_by", Type: field.TypeInt64, Nullable: true},
 		{Name: "updated_by", Type: field.TypeInt64, Nullable: true},
 		{Name: "created_at", Type: field.TypeTime, SchemaType: map[string]string{"postgres": "timestamptz"}},
 		{Name: "updated_at", Type: field.TypeTime, SchemaType: map[string]string{"postgres": "timestamptz"}},
 	}
 	// AnnouncementsTable holds the schema information for the "announcements" table.
 	AnnouncementsTable = &schema.Table{
 		Name:       "announcements",
 		Columns:    AnnouncementsColumns,
 		PrimaryKey: []*schema.Column{AnnouncementsColumns[0]},
 		Indexes: []*schema.Index{
 			{
 				Name:    "announcement_status",
 				Unique:  false,
 				Columns: []*schema.Column{AnnouncementsColumns[3]},
 			},
 			{
 				Name:    "announcement_created_at",
 				Unique:  false,
 				Columns: []*schema.Column{AnnouncementsColumns[9]},
 			},
 			{
 				Name:    "announcement_starts_at",
 				Unique:  false,
 				Columns: []*schema.Column{AnnouncementsColumns[5]},
 			},
 			{
 				Name:    "announcement_ends_at",
 				Unique:  false,
 				Columns: []*schema.Column{AnnouncementsColumns[6]},
 			},
 		},
 	}
 	// AnnouncementReadsColumns holds the columns for the "announcement_reads" table.
 	AnnouncementReadsColumns = []*schema.Column{
 		{Name: "id", Type: field.TypeInt64, Increment: true},
 		{Name: "read_at", Type: field.TypeTime, SchemaType: map[string]string{"postgres": "timestamptz"}},
 		{Name: "created_at", Type: field.TypeTime, SchemaType: map[string]string{"postgres": "timestamptz"}},
 		{Name: "announcement_id", Type: field.TypeInt64},
 		{Name: "user_id", Type: field.TypeInt64},
 	}
 	// AnnouncementReadsTable holds the schema information for the "announcement_reads" table.
 	AnnouncementReadsTable = &schema.Table{
 		Name:       "announcement_reads",
 		Columns:    AnnouncementReadsColumns,
 		PrimaryKey: []*schema.Column{AnnouncementReadsColumns[0]},
 		ForeignKeys: []*schema.ForeignKey{
 			{
 				Symbol:     "announcement_reads_announcements_reads",
 				Columns:    []*schema.Column{AnnouncementReadsColumns[3]},
 				RefColumns: []*schema.Column{AnnouncementsColumns[0]},
 				OnDelete:   schema.NoAction,
 			},
 			{
 				Symbol:     "announcement_reads_users_announcement_reads",
 				Columns:    []*schema.Column{AnnouncementReadsColumns[4]},
 				RefColumns: []*schema.Column{UsersColumns[0]},
 				OnDelete:   schema.NoAction,
 			},
 		},
 		Indexes: []*schema.Index{
 			{
 				Name:    "announcementread_announcement_id",
 				Unique:  false,
 				Columns: []*schema.Column{AnnouncementReadsColumns[3]},
 			},
 			{
 				Name:    "announcementread_user_id",
 				Unique:  false,
 				Columns: []*schema.Column{AnnouncementReadsColumns[4]},
 			},
 			{
 				Name:    "announcementread_read_at",
 				Unique:  false,
 				Columns: []*schema.Column{AnnouncementReadsColumns[1]},
 			},
 			{
 				Name:    "announcementread_announcement_id_user_id",
 				Unique:  true,
 				Columns: []*schema.Column{AnnouncementReadsColumns[3], AnnouncementReadsColumns[4]},
 			},
 		},
 	}
 	// ErrorPassthroughRulesColumns holds the columns for the "error_passthrough_rules" table.
 	ErrorPassthroughRulesColumns = []*schema.Column{
 		{Name: "id", Type: field.TypeInt64, Increment: true},
 		{Name: "created_at", Type: field.TypeTime, SchemaType: map[string]string{"postgres": "timestamptz"}},
 		{Name: "updated_at", Type: field.TypeTime, SchemaType: map[string]string{"postgres": "timestamptz"}},
 		{Name: "name", Type: field.TypeString, Size: 100},
 		{Name: "enabled", Type: field.TypeBool, Default: true},
 		{Name: "priority", Type: field.TypeInt, Default: 0},
 		{Name: "error_codes", Type: field.TypeJSON, Nullable: true, SchemaType: map[string]string{"postgres": "jsonb"}},
 		{Name: "keywords", Type: field.TypeJSON, Nullable: true, SchemaType: map[string]string{"postgres": "jsonb"}},
 		{Name: "match_mode", Type: field.TypeString, Size: 10, Default: "any"},
 		{Name: "platforms", Type: field.TypeJSON, Nullable: true, SchemaType: map[string]string{"postgres": "jsonb"}},
 		{Name: "passthrough_code", Type: field.TypeBool, Default: true},
 		{Name: "response_code", Type: field.TypeInt, Nullable: true},
 		{Name: "passthrough_body", Type: field.TypeBool, Default: true},
 		{Name: "custom_message", Type: field.TypeString, Nullable: true, Size: 2147483647},
 		{Name: "skip_monitoring", Type: field.TypeBool, Default: false},
 		{Name: "description", Type: field.TypeString, Nullable: true, Size: 2147483647},
 	}
 	// ErrorPassthroughRulesTable holds the schema information for the "error_passthrough_rules" table.
 	ErrorPassthroughRulesTable = &schema.Table{
 		Name:       "error_passthrough_rules",
 		Columns:    ErrorPassthroughRulesColumns,
 		PrimaryKey: []*schema.Column{ErrorPassthroughRulesColumns[0]},
 		Indexes: []*schema.Index{
 			{
 				Name:    "errorpassthroughrule_enabled",
 				Unique:  false,
 				Columns: []*schema.Column{ErrorPassthroughRulesColumns[4]},
 			},
 			{
 				Name:    "errorpassthroughrule_priority",
 				Unique:  false,
 				Columns: []*schema.Column{ErrorPassthroughRulesColumns[5]},
 			},
 		},
 	}
 	// GroupsColumns holds the columns for the "groups" table.
 	GroupsColumns = []*schema.Column{
 		{Name: "id", Type: field.TypeInt64, Increment: true},
@@ -224,10 +372,18 @@ var (
 		{Name: "image_price_1k", Type: field.TypeFloat64, Nullable: true, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "image_price_2k", Type: field.TypeFloat64, Nullable: true, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "image_price_4k", Type: field.TypeFloat64, Nullable: true, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "sora_image_price_360", Type: field.TypeFloat64, Nullable: true, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "sora_image_price_540", Type: field.TypeFloat64, Nullable: true, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "sora_video_price_per_request", Type: field.TypeFloat64, Nullable: true, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "sora_video_price_per_request_hd", Type: field.TypeFloat64, Nullable: true, SchemaType: map[string]string{"postgres": "decimal(20,8)"}},
 		{Name: "claude_code_only", Type: field.TypeBool, Default: false},
 		{Name: "fallback_group_id", Type: field.TypeInt64, Nullable: true},
 		{Name: "fallback_group_id_on_invalid_request", Type: field.TypeInt64, Nullable: true},
 		{Name: "model_routing", Type: field.TypeJSON, Nullable: true, SchemaType: map[string]string{"postgres": "jsonb"}},
 		{Name: "model_routing_enabled", Type: field.TypeBool, Default: false},
 		{Name: "mcp_xml_inject", Type: field.TypeBool, Default: true},
 		{Name: "supported_model_scopes", Type: field.TypeJSON, SchemaType: map[string]string{"postgres": "jsonb"}},
 		{Name: "sort_order", Type: field.TypeInt, Default: 0},
 	}
 	// GroupsTable holds the schema information for the "groups" table.
 	GroupsTable = &schema.Table{
@@ -260,6 +416,11 @@ var (
 				Unique:  false,
 				Columns: []*schema.Column{GroupsColumns[3]},
 			},
 			{
 				Name:    "group_sort_order",
 				Unique:  false,
 				Columns: []*schema.Column{GroupsColumns[29]},
 			},
 		},
 	}
 	// PromoCodesColumns holds the columns for the "promo_codes" table.
@@ -421,6 +582,20 @@ var (
 			},
 		},
 	}
 	// SecuritySecretsColumns holds the columns for the "security_secrets" table.
 	SecuritySecretsColumns = []*schema.Column{
 		{Name: "id", Type: field.TypeInt64, Increment: true},
 		{Name: "created_at", Type: field.TypeTime, SchemaType: map[string]string{"postgres": "timestamptz"}},
 		{Name: "updated_at", Type: field.TypeTime, SchemaType: map[string]string{"postgres": "timestamptz"}},
 		{Name: "key", Type: field.TypeString, Unique: true, Size: 100},
 		{Name: "value", Type: field.TypeString, SchemaType: map[string]string{"postgres": "text"}},
 	}
 	// SecuritySecretsTable holds the schema information for the "security_secrets" table.
 	SecuritySecretsTable = &schema.Table{
 		Name:       "security_secrets",
 		Columns:    SecuritySecretsColumns,
 		PrimaryKey: []*schema.Column{SecuritySecretsColumns[0]},
 	}
 	// SettingsColumns holds the columns for the "settings" table.
 	SettingsColumns = []*schema.Column{
 		{Name: "id", Type: field.TypeInt64, Increment: true},
@@ -499,6 +674,8 @@ var (
 		{Name: "ip_address", Type: field.TypeString, Nullable: true, Size: 45},
 		{Name: "image_count", Type: field.TypeInt, Default: 0},
 		{Name: "image_size", Type: field.TypeString, Nullable: true, Size: 10},
 		{Name: "media_type", Type: field.TypeString, Nullable: true, Size: 16},
 		{Name: "cache_ttl_overridden", Type: field.TypeBool, Default: false},
 		{Name: "created_at", Type: field.TypeTime, SchemaType: map[string]string{"postgres": "timestamptz"}},
 		{Name: "api_key_id", Type: field.TypeInt64},
 		{Name: "account_id", Type: field.TypeInt64},
@@ -514,31 +691,31 @@ var (
 		ForeignKeys: []*schema.ForeignKey{
 			{
 				Symbol:     "usage_logs_api_keys_usage_logs",
-				Columns:    []*schema.Column{UsageLogsColumns[26]},
+				Columns:    []*schema.Column{UsageLogsColumns[28]},
 				RefColumns: []*schema.Column{APIKeysColumns[0]},
 				OnDelete:   schema.NoAction,
 			},
 			{
 				Symbol:     "usage_logs_accounts_usage_logs",
-				Columns:    []*schema.Column{UsageLogsColumns[27]},
+				Columns:    []*schema.Column{UsageLogsColumns[29]},
 				RefColumns: []*schema.Column{AccountsColumns[0]},
 				OnDelete:   schema.NoAction,
 			},
 			{
 				Symbol:     "usage_logs_groups_usage_logs",
-				Columns:    []*schema.Column{UsageLogsColumns[28]},
+				Columns:    []*schema.Column{UsageLogsColumns[30]},
 				RefColumns: []*schema.Column{GroupsColumns[0]},
 				OnDelete:   schema.SetNull,
 			},
 			{
 				Symbol:     "usage_logs_users_usage_logs",
-				Columns:    []*schema.Column{UsageLogsColumns[29]},
+				Columns:    []*schema.Column{UsageLogsColumns[31]},
 				RefColumns: []*schema.Column{UsersColumns[0]},
 				OnDelete:   schema.NoAction,
 			},
 			{
 				Symbol:     "usage_logs_user_subscriptions_usage_logs",
-				Columns:    []*schema.Column{UsageLogsColumns[30]},
+				Columns:    []*schema.Column{UsageLogsColumns[32]},
 				RefColumns: []*schema.Column{UserSubscriptionsColumns[0]},
 				OnDelete:   schema.SetNull,
 			},
@@ -547,32 +724,32 @@ var (
 			{
 				Name:    "usagelog_user_id",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[29]},
+				Columns: []*schema.Column{UsageLogsColumns[31]},
 			},
 			{
 				Name:    "usagelog_api_key_id",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[26]},
+				Columns: []*schema.Column{UsageLogsColumns[28]},
 			},
 			{
 				Name:    "usagelog_account_id",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[27]},
+				Columns: []*schema.Column{UsageLogsColumns[29]},
 			},
 			{
 				Name:    "usagelog_group_id",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[28]},
+				Columns: []*schema.Column{UsageLogsColumns[30]},
 			},
 			{
 				Name:    "usagelog_subscription_id",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[30]},
+				Columns: []*schema.Column{UsageLogsColumns[32]},
 			},
 			{
 				Name:    "usagelog_created_at",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[25]},
+				Columns: []*schema.Column{UsageLogsColumns[27]},
 			},
 			{
 				Name:    "usagelog_model",
@@ -587,12 +764,12 @@ var (
 			{
 				Name:    "usagelog_user_id_created_at",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[29], UsageLogsColumns[25]},
+				Columns: []*schema.Column{UsageLogsColumns[31], UsageLogsColumns[27]},
 			},
 			{
 				Name:    "usagelog_api_key_id_created_at",
 				Unique:  false,
-				Columns: []*schema.Column{UsageLogsColumns[26], UsageLogsColumns[25]},
+				Columns: []*schema.Column{UsageLogsColumns[28], UsageLogsColumns[27]},
 			},
 		},
 	}
@@ -840,11 +1017,15 @@ var (
 		APIKeysTable,
 		AccountsTable,
 		AccountGroupsTable,
 		AnnouncementsTable,
 		AnnouncementReadsTable,
 		ErrorPassthroughRulesTable,
 		GroupsTable,
 		PromoCodesTable,
 		PromoCodeUsagesTable,
 		ProxiesTable,
 		RedeemCodesTable,
 		SecuritySecretsTable,
 		SettingsTable,
 		UsageCleanupTasksTable,
 		UsageLogsTable,
@@ -871,6 +1052,17 @@ func init() {
 	AccountGroupsTable.Annotation = &entsql.Annotation{
 		Table: "account_groups",
 	}
 	AnnouncementsTable.Annotation = &entsql.Annotation{
 		Table: "announcements",
 	}
 	AnnouncementReadsTable.ForeignKeys[0].RefTable = AnnouncementsTable
 	AnnouncementReadsTable.ForeignKeys[1].RefTable = UsersTable
 	AnnouncementReadsTable.Annotation = &entsql.Annotation{
 		Table: "announcement_reads",
 	}
 	ErrorPassthroughRulesTable.Annotation = &entsql.Annotation{
 		Table: "error_passthrough_rules",
 	}
 	GroupsTable.Annotation = &entsql.Annotation{
 		Table: "groups",
 	}
@@ -890,6 +1082,9 @@ func init() {
 	RedeemCodesTable.Annotation = &entsql.Annotation{
 		Table: "redeem_codes",
 	}
 	SecuritySecretsTable.Annotation = &entsql.Annotation{
 		Table: "security_secrets",
 	}
 	SettingsTable.Annotation = &entsql.Annotation{
 		Table: "settings",
 	}
--- a/backend/ent/mutation.go
+++ b/backend/ent/mutation.go
--- a/backend/ent/predicate/predicate.go
+++ b/backend/ent/predicate/predicate.go
@@ -15,6 +15,15 @@ type Account func(*sql.Selector)
 // AccountGroup is the predicate function for accountgroup builders.
 type AccountGroup func(*sql.Selector)
 // Announcement is the predicate function for announcement builders.
 type Announcement func(*sql.Selector)
 // AnnouncementRead is the predicate function for announcementread builders.
 type AnnouncementRead func(*sql.Selector)
 // ErrorPassthroughRule is the predicate function for errorpassthroughrule builders.
 type ErrorPassthroughRule func(*sql.Selector)
 // Group is the predicate function for group builders.
 type Group func(*sql.Selector)
@@ -30,6 +39,9 @@ type Proxy func(*sql.Selector)
 // RedeemCode is the predicate function for redeemcode builders.
 type RedeemCode func(*sql.Selector)
 // SecuritySecret is the predicate function for securitysecret builders.
 type SecuritySecret func(*sql.Selector)
 // Setting is the predicate function for setting builders.
 type Setting func(*sql.Selector)
--- a/backend/ent/runtime/runtime.go
+++ b/backend/ent/runtime/runtime.go
@@ -7,13 +7,17 @@ import (
 	"github.com/Wei-Shaw/sub2api/ent/account"
 	"github.com/Wei-Shaw/sub2api/ent/accountgroup"
 	"github.com/Wei-Shaw/sub2api/ent/announcement"
 	"github.com/Wei-Shaw/sub2api/ent/announcementread"
 	"github.com/Wei-Shaw/sub2api/ent/apikey"
 	"github.com/Wei-Shaw/sub2api/ent/errorpassthroughrule"
 	"github.com/Wei-Shaw/sub2api/ent/group"
 	"github.com/Wei-Shaw/sub2api/ent/promocode"
 	"github.com/Wei-Shaw/sub2api/ent/promocodeusage"
 	"github.com/Wei-Shaw/sub2api/ent/proxy"
 	"github.com/Wei-Shaw/sub2api/ent/redeemcode"
 	"github.com/Wei-Shaw/sub2api/ent/schema"
 	"github.com/Wei-Shaw/sub2api/ent/securitysecret"
 	"github.com/Wei-Shaw/sub2api/ent/setting"
 	"github.com/Wei-Shaw/sub2api/ent/usagecleanuptask"
 	"github.com/Wei-Shaw/sub2api/ent/usagelog"
@@ -89,6 +93,14 @@ func init() {
 	apikey.DefaultStatus = apikeyDescStatus.Default.(string)
 	// apikey.StatusValidator is a validator for the "status" field. It is called by the builders before save.
 	apikey.StatusValidator = apikeyDescStatus.Validators[0].(func(string) error)
 	// apikeyDescQuota is the schema descriptor for quota field.
 	apikeyDescQuota := apikeyFields[8].Descriptor()
 	// apikey.DefaultQuota holds the default value on creation for the quota field.
 	apikey.DefaultQuota = apikeyDescQuota.Default.(float64)
 	// apikeyDescQuotaUsed is the schema descriptor for quota_used field.
 	apikeyDescQuotaUsed := apikeyFields[9].Descriptor()
 	// apikey.DefaultQuotaUsed holds the default value on creation for the quota_used field.
 	apikey.DefaultQuotaUsed = apikeyDescQuotaUsed.Default.(float64)
 	accountMixin := schema.Account{}.Mixin()
 	accountMixinHooks1 := accountMixin[1].Hooks()
 	account.Hooks[0] = accountMixinHooks1[0]
@@ -210,6 +222,115 @@ func init() {
 	accountgroupDescCreatedAt := accountgroupFields[3].Descriptor()
 	// accountgroup.DefaultCreatedAt holds the default value on creation for the created_at field.
 	accountgroup.DefaultCreatedAt = accountgroupDescCreatedAt.Default.(func() time.Time)
 	announcementFields := schema.Announcement{}.Fields()
 	_ = announcementFields
 	// announcementDescTitle is the schema descriptor for title field.
 	announcementDescTitle := announcementFields[0].Descriptor()
 	// announcement.TitleValidator is a validator for the "title" field. It is called by the builders before save.
 	announcement.TitleValidator = func() func(string) error {
 		validators := announcementDescTitle.Validators
 		fns := [...]func(string) error{
 			validators[0].(func(string) error),
 			validators[1].(func(string) error),
 		}
 		return func(title string) error {
 			for _, fn := range fns {
 				if err := fn(title); err != nil {
 					return err
 				}
 			}
 			return nil
 		}
 	}()
 	// announcementDescContent is the schema descriptor for content field.
 	announcementDescContent := announcementFields[1].Descriptor()
 	// announcement.ContentValidator is a validator for the "content" field. It is called by the builders before save.
 	announcement.ContentValidator = announcementDescContent.Validators[0].(func(string) error)
 	// announcementDescStatus is the schema descriptor for status field.
 	announcementDescStatus := announcementFields[2].Descriptor()
 	// announcement.DefaultStatus holds the default value on creation for the status field.
 	announcement.DefaultStatus = announcementDescStatus.Default.(string)
 	// announcement.StatusValidator is a validator for the "status" field. It is called by the builders before save.
 	announcement.StatusValidator = announcementDescStatus.Validators[0].(func(string) error)
 	// announcementDescCreatedAt is the schema descriptor for created_at field.
 	announcementDescCreatedAt := announcementFields[8].Descriptor()
 	// announcement.DefaultCreatedAt holds the default value on creation for the created_at field.
 	announcement.DefaultCreatedAt = announcementDescCreatedAt.Default.(func() time.Time)
 	// announcementDescUpdatedAt is the schema descriptor for updated_at field.
 	announcementDescUpdatedAt := announcementFields[9].Descriptor()
 	// announcement.DefaultUpdatedAt holds the default value on creation for the updated_at field.
 	announcement.DefaultUpdatedAt = announcementDescUpdatedAt.Default.(func() time.Time)
 	// announcement.UpdateDefaultUpdatedAt holds the default value on update for the updated_at field.
 	announcement.UpdateDefaultUpdatedAt = announcementDescUpdatedAt.UpdateDefault.(func() time.Time)
 	announcementreadFields := schema.AnnouncementRead{}.Fields()
 	_ = announcementreadFields
 	// announcementreadDescReadAt is the schema descriptor for read_at field.
 	announcementreadDescReadAt := announcementreadFields[2].Descriptor()
 	// announcementread.DefaultReadAt holds the default value on creation for the read_at field.
 	announcementread.DefaultReadAt = announcementreadDescReadAt.Default.(func() time.Time)
 	// announcementreadDescCreatedAt is the schema descriptor for created_at field.
 	announcementreadDescCreatedAt := announcementreadFields[3].Descriptor()
 	// announcementread.DefaultCreatedAt holds the default value on creation for the created_at field.
 	announcementread.DefaultCreatedAt = announcementreadDescCreatedAt.Default.(func() time.Time)
 	errorpassthroughruleMixin := schema.ErrorPassthroughRule{}.Mixin()
 	errorpassthroughruleMixinFields0 := errorpassthroughruleMixin[0].Fields()
 	_ = errorpassthroughruleMixinFields0
 	errorpassthroughruleFields := schema.ErrorPassthroughRule{}.Fields()
 	_ = errorpassthroughruleFields
 	// errorpassthroughruleDescCreatedAt is the schema descriptor for created_at field.
 	errorpassthroughruleDescCreatedAt := errorpassthroughruleMixinFields0[0].Descriptor()
 	// errorpassthroughrule.DefaultCreatedAt holds the default value on creation for the created_at field.
 	errorpassthroughrule.DefaultCreatedAt = errorpassthroughruleDescCreatedAt.Default.(func() time.Time)
 	// errorpassthroughruleDescUpdatedAt is the schema descriptor for updated_at field.
 	errorpassthroughruleDescUpdatedAt := errorpassthroughruleMixinFields0[1].Descriptor()
 	// errorpassthroughrule.DefaultUpdatedAt holds the default value on creation for the updated_at field.
 	errorpassthroughrule.DefaultUpdatedAt = errorpassthroughruleDescUpdatedAt.Default.(func() time.Time)
 	// errorpassthroughrule.UpdateDefaultUpdatedAt holds the default value on update for the updated_at field.
 	errorpassthroughrule.UpdateDefaultUpdatedAt = errorpassthroughruleDescUpdatedAt.UpdateDefault.(func() time.Time)
 	// errorpassthroughruleDescName is the schema descriptor for name field.
 	errorpassthroughruleDescName := errorpassthroughruleFields[0].Descriptor()
 	// errorpassthroughrule.NameValidator is a validator for the "name" field. It is called by the builders before save.
 	errorpassthroughrule.NameValidator = func() func(string) error {
 		validators := errorpassthroughruleDescName.Validators
 		fns := [...]func(string) error{
 			validators[0].(func(string) error),
 			validators[1].(func(string) error),
 		}
 		return func(name string) error {
 			for _, fn := range fns {
 				if err := fn(name); err != nil {
 					return err
 				}
 			}
 			return nil
 		}
 	}()
 	// errorpassthroughruleDescEnabled is the schema descriptor for enabled field.
 	errorpassthroughruleDescEnabled := errorpassthroughruleFields[1].Descriptor()
 	// errorpassthroughrule.DefaultEnabled holds the default value on creation for the enabled field.
 	errorpassthroughrule.DefaultEnabled = errorpassthroughruleDescEnabled.Default.(bool)
 	// errorpassthroughruleDescPriority is the schema descriptor for priority field.
 	errorpassthroughruleDescPriority := errorpassthroughruleFields[2].Descriptor()
 	// errorpassthroughrule.DefaultPriority holds the default value on creation for the priority field.
 	errorpassthroughrule.DefaultPriority = errorpassthroughruleDescPriority.Default.(int)
 	// errorpassthroughruleDescMatchMode is the schema descriptor for match_mode field.
 	errorpassthroughruleDescMatchMode := errorpassthroughruleFields[5].Descriptor()
 	// errorpassthroughrule.DefaultMatchMode holds the default value on creation for the match_mode field.
 	errorpassthroughrule.DefaultMatchMode = errorpassthroughruleDescMatchMode.Default.(string)
 	// errorpassthroughrule.MatchModeValidator is a validator for the "match_mode" field. It is called by the builders before save.
 	errorpassthroughrule.MatchModeValidator = errorpassthroughruleDescMatchMode.Validators[0].(func(string) error)
 	// errorpassthroughruleDescPassthroughCode is the schema descriptor for passthrough_code field.
 	errorpassthroughruleDescPassthroughCode := errorpassthroughruleFields[7].Descriptor()
 	// errorpassthroughrule.DefaultPassthroughCode holds the default value on creation for the passthrough_code field.
 	errorpassthroughrule.DefaultPassthroughCode = errorpassthroughruleDescPassthroughCode.Default.(bool)
 	// errorpassthroughruleDescPassthroughBody is the schema descriptor for passthrough_body field.
 	errorpassthroughruleDescPassthroughBody := errorpassthroughruleFields[9].Descriptor()
 	// errorpassthroughrule.DefaultPassthroughBody holds the default value on creation for the passthrough_body field.
 	errorpassthroughrule.DefaultPassthroughBody = errorpassthroughruleDescPassthroughBody.Default.(bool)
 	// errorpassthroughruleDescSkipMonitoring is the schema descriptor for skip_monitoring field.
 	errorpassthroughruleDescSkipMonitoring := errorpassthroughruleFields[11].Descriptor()
 	// errorpassthroughrule.DefaultSkipMonitoring holds the default value on creation for the skip_monitoring field.
 	errorpassthroughrule.DefaultSkipMonitoring = errorpassthroughruleDescSkipMonitoring.Default.(bool)
 	groupMixin := schema.Group{}.Mixin()
 	groupMixinHooks1 := groupMixin[1].Hooks()
 	group.Hooks[0] = groupMixinHooks1[0]
@@ -278,13 +399,25 @@ func init() {
 	// group.DefaultDefaultValidityDays holds the default value on creation for the default_validity_days field.
 	group.DefaultDefaultValidityDays = groupDescDefaultValidityDays.Default.(int)
 	// groupDescClaudeCodeOnly is the schema descriptor for claude_code_only field.
-	groupDescClaudeCodeOnly := groupFields[14].Descriptor()
+	groupDescClaudeCodeOnly := groupFields[18].Descriptor()
 	// group.DefaultClaudeCodeOnly holds the default value on creation for the claude_code_only field.
 	group.DefaultClaudeCodeOnly = groupDescClaudeCodeOnly.Default.(bool)
 	// groupDescModelRoutingEnabled is the schema descriptor for model_routing_enabled field.
-	groupDescModelRoutingEnabled := groupFields[17].Descriptor()
+	groupDescModelRoutingEnabled := groupFields[22].Descriptor()
 	// group.DefaultModelRoutingEnabled holds the default value on creation for the model_routing_enabled field.
 	group.DefaultModelRoutingEnabled = groupDescModelRoutingEnabled.Default.(bool)
 	// groupDescMcpXMLInject is the schema descriptor for mcp_xml_inject field.
 	groupDescMcpXMLInject := groupFields[23].Descriptor()
 	// group.DefaultMcpXMLInject holds the default value on creation for the mcp_xml_inject field.
 	group.DefaultMcpXMLInject = groupDescMcpXMLInject.Default.(bool)
 	// groupDescSupportedModelScopes is the schema descriptor for supported_model_scopes field.
 	groupDescSupportedModelScopes := groupFields[24].Descriptor()
 	// group.DefaultSupportedModelScopes holds the default value on creation for the supported_model_scopes field.
 	group.DefaultSupportedModelScopes = groupDescSupportedModelScopes.Default.([]string)
 	// groupDescSortOrder is the schema descriptor for sort_order field.
 	groupDescSortOrder := groupFields[25].Descriptor()
 	// group.DefaultSortOrder holds the default value on creation for the sort_order field.
 	group.DefaultSortOrder = groupDescSortOrder.Default.(int)
 	promocodeFields := schema.PromoCode{}.Fields()
 	_ = promocodeFields
 	// promocodeDescCode is the schema descriptor for code field.
@@ -470,6 +603,43 @@ func init() {
 	redeemcodeDescValidityDays := redeemcodeFields[9].Descriptor()
 	// redeemcode.DefaultValidityDays holds the default value on creation for the validity_days field.
 	redeemcode.DefaultValidityDays = redeemcodeDescValidityDays.Default.(int)
 	securitysecretMixin := schema.SecuritySecret{}.Mixin()
 	securitysecretMixinFields0 := securitysecretMixin[0].Fields()
 	_ = securitysecretMixinFields0
 	securitysecretFields := schema.SecuritySecret{}.Fields()
 	_ = securitysecretFields
 	// securitysecretDescCreatedAt is the schema descriptor for created_at field.
 	securitysecretDescCreatedAt := securitysecretMixinFields0[0].Descriptor()
 	// securitysecret.DefaultCreatedAt holds the default value on creation for the created_at field.
 	securitysecret.DefaultCreatedAt = securitysecretDescCreatedAt.Default.(func() time.Time)
 	// securitysecretDescUpdatedAt is the schema descriptor for updated_at field.
 	securitysecretDescUpdatedAt := securitysecretMixinFields0[1].Descriptor()
 	// securitysecret.DefaultUpdatedAt holds the default value on creation for the updated_at field.
 	securitysecret.DefaultUpdatedAt = securitysecretDescUpdatedAt.Default.(func() time.Time)
 	// securitysecret.UpdateDefaultUpdatedAt holds the default value on update for the updated_at field.
 	securitysecret.UpdateDefaultUpdatedAt = securitysecretDescUpdatedAt.UpdateDefault.(func() time.Time)
 	// securitysecretDescKey is the schema descriptor for key field.
 	securitysecretDescKey := securitysecretFields[0].Descriptor()
 	// securitysecret.KeyValidator is a validator for the "key" field. It is called by the builders before save.
 	securitysecret.KeyValidator = func() func(string) error {
 		validators := securitysecretDescKey.Validators
 		fns := [...]func(string) error{
 			validators[0].(func(string) error),
 			validators[1].(func(string) error),
 		}
 		return func(key string) error {
 			for _, fn := range fns {
 				if err := fn(key); err != nil {
 					return err
 				}
 			}
 			return nil
 		}
 	}()
 	// securitysecretDescValue is the schema descriptor for value field.
 	securitysecretDescValue := securitysecretFields[1].Descriptor()
 	// securitysecret.ValueValidator is a validator for the "value" field. It is called by the builders before save.
 	securitysecret.ValueValidator = securitysecretDescValue.Validators[0].(func(string) error)
 	settingFields := schema.Setting{}.Fields()
 	_ = settingFields
 	// settingDescKey is the schema descriptor for key field.
@@ -647,8 +817,16 @@ func init() {
 	usagelogDescImageSize := usagelogFields[28].Descriptor()
 	// usagelog.ImageSizeValidator is a validator for the "image_size" field. It is called by the builders before save.
 	usagelog.ImageSizeValidator = usagelogDescImageSize.Validators[0].(func(string) error)
 	// usagelogDescMediaType is the schema descriptor for media_type field.
 	usagelogDescMediaType := usagelogFields[29].Descriptor()
 	// usagelog.MediaTypeValidator is a validator for the "media_type" field. It is called by the builders before save.
 	usagelog.MediaTypeValidator = usagelogDescMediaType.Validators[0].(func(string) error)
 	// usagelogDescCacheTTLOverridden is the schema descriptor for cache_ttl_overridden field.
 	usagelogDescCacheTTLOverridden := usagelogFields[30].Descriptor()
 	// usagelog.DefaultCacheTTLOverridden holds the default value on creation for the cache_ttl_overridden field.
 	usagelog.DefaultCacheTTLOverridden = usagelogDescCacheTTLOverridden.Default.(bool)
 	// usagelogDescCreatedAt is the schema descriptor for created_at field.
-	usagelogDescCreatedAt := usagelogFields[29].Descriptor()
+	usagelogDescCreatedAt := usagelogFields[31].Descriptor()
 	// usagelog.DefaultCreatedAt holds the default value on creation for the created_at field.
 	usagelog.DefaultCreatedAt = usagelogDescCreatedAt.Default.(func() time.Time)
 	userMixin := schema.User{}.Mixin()
--- a/backend/ent/schema/account.go
+++ b/backend/ent/schema/account.go
@@ -4,7 +4,7 @@ package schema
 import (
 	"github.com/Wei-Shaw/sub2api/ent/schema/mixins"
-	"github.com/Wei-Shaw/sub2api/internal/service"
+	"github.com/Wei-Shaw/sub2api/internal/domain"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect"
@@ -111,7 +111,7 @@ func (Account) Fields() []ent.Field {
 		// status: 账户状态，如 "active", "error", "disabled"
 		field.String("status").
 			MaxLen(20).
-			Default(service.StatusActive),
+			Default(domain.StatusActive),
 		// error_message: 错误信息，记录账户异常时的详细信息
 		field.String("error_message").
--- a/backend/ent/schema/announcement.go
+++ b/backend/ent/schema/announcement.go
@@ -0,0 +1,90 @@
 package schema
 import (
 	"time"
 	"github.com/Wei-Shaw/sub2api/internal/domain"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect"
 	"entgo.io/ent/dialect/entsql"
 	"entgo.io/ent/schema"
 	"entgo.io/ent/schema/edge"
 	"entgo.io/ent/schema/field"
 	"entgo.io/ent/schema/index"
 )
 // Announcement holds the schema definition for the Announcement entity.
 //
 // 删除策略：硬删除（已读记录通过外键级联删除）
 type Announcement struct {
 	ent.Schema
 }
 func (Announcement) Annotations() []schema.Annotation {
 	return []schema.Annotation{
 		entsql.Annotation{Table: "announcements"},
 	}
 }
 func (Announcement) Fields() []ent.Field {
 	return []ent.Field{
 		field.String("title").
 			MaxLen(200).
 			NotEmpty().
 			Comment("公告标题"),
 		field.String("content").
 			SchemaType(map[string]string{dialect.Postgres: "text"}).
 			NotEmpty().
 			Comment("公告内容（支持 Markdown）"),
 		field.String("status").
 			MaxLen(20).
 			Default(domain.AnnouncementStatusDraft).
 			Comment("状态: draft, active, archived"),
 		field.JSON("targeting", domain.AnnouncementTargeting{}).
 			Optional().
 			SchemaType(map[string]string{dialect.Postgres: "jsonb"}).
 			Comment("展示条件（JSON 规则）"),
 		field.Time("starts_at").
 			Optional().
 			Nillable().
 			SchemaType(map[string]string{dialect.Postgres: "timestamptz"}).
 			Comment("开始展示时间（为空表示立即生效）"),
 		field.Time("ends_at").
 			Optional().
 			Nillable().
 			SchemaType(map[string]string{dialect.Postgres: "timestamptz"}).
 			Comment("结束展示时间（为空表示永久生效）"),
 		field.Int64("created_by").
 			Optional().
 			Nillable().
 			Comment("创建人用户ID（管理员）"),
 		field.Int64("updated_by").
 			Optional().
 			Nillable().
 			Comment("更新人用户ID（管理员）"),
 		field.Time("created_at").
 			Immutable().
 			Default(time.Now).
 			SchemaType(map[string]string{dialect.Postgres: "timestamptz"}),
 		field.Time("updated_at").
 			Default(time.Now).
 			UpdateDefault(time.Now).
 			SchemaType(map[string]string{dialect.Postgres: "timestamptz"}),
 	}
 }
 func (Announcement) Edges() []ent.Edge {
 	return []ent.Edge{
 		edge.To("reads", AnnouncementRead.Type),
 	}
 }
 func (Announcement) Indexes() []ent.Index {
 	return []ent.Index{
 		index.Fields("status"),
 		index.Fields("created_at"),
 		index.Fields("starts_at"),
 		index.Fields("ends_at"),
 	}
 }
--- a/backend/ent/schema/announcement_read.go
+++ b/backend/ent/schema/announcement_read.go
@@ -0,0 +1,65 @@
 package schema
 import (
 	"time"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect"
 	"entgo.io/ent/dialect/entsql"
 	"entgo.io/ent/schema"
 	"entgo.io/ent/schema/edge"
 	"entgo.io/ent/schema/field"
 	"entgo.io/ent/schema/index"
 )
 // AnnouncementRead holds the schema definition for the AnnouncementRead entity.
 //
 // 记录用户对公告的已读状态（首次已读时间）。
 type AnnouncementRead struct {
 	ent.Schema
 }
 func (AnnouncementRead) Annotations() []schema.Annotation {
 	return []schema.Annotation{
 		entsql.Annotation{Table: "announcement_reads"},
 	}
 }
 func (AnnouncementRead) Fields() []ent.Field {
 	return []ent.Field{
 		field.Int64("announcement_id"),
 		field.Int64("user_id"),
 		field.Time("read_at").
 			Default(time.Now).
 			SchemaType(map[string]string{dialect.Postgres: "timestamptz"}).
 			Comment("用户首次已读时间"),
 		field.Time("created_at").
 			Immutable().
 			Default(time.Now).
 			SchemaType(map[string]string{dialect.Postgres: "timestamptz"}),
 	}
 }
 func (AnnouncementRead) Edges() []ent.Edge {
 	return []ent.Edge{
 		edge.From("announcement", Announcement.Type).
 			Ref("reads").
 			Field("announcement_id").
 			Unique().
 			Required(),
 		edge.From("user", User.Type).
 			Ref("announcement_reads").
 			Field("user_id").
 			Unique().
 			Required(),
 	}
 }
 func (AnnouncementRead) Indexes() []ent.Index {
 	return []ent.Index{
 		index.Fields("announcement_id"),
 		index.Fields("user_id"),
 		index.Fields("read_at"),
 		index.Fields("announcement_id", "user_id").Unique(),
 	}
 }
--- a/backend/ent/schema/api_key.go
+++ b/backend/ent/schema/api_key.go
@@ -2,9 +2,10 @@ package schema
 import (
 	"github.com/Wei-Shaw/sub2api/ent/schema/mixins"
-	"github.com/Wei-Shaw/sub2api/internal/service"
+	"github.com/Wei-Shaw/sub2api/internal/domain"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect"
 	"entgo.io/ent/dialect/entsql"
 	"entgo.io/ent/schema"
 	"entgo.io/ent/schema/edge"
@@ -45,13 +46,34 @@ func (APIKey) Fields() []ent.Field {
 			Nillable(),
 		field.String("status").
 			MaxLen(20).
-			Default(service.StatusActive),
+			Default(domain.StatusActive),
 		field.Time("last_used_at").
 			Optional().
 			Nillable().
 			Comment("Last usage time of this API key"),
 		field.JSON("ip_whitelist", []string{}).
 			Optional().
 			Comment("Allowed IPs/CIDRs, e.g. [\"192.168.1.100\", \"10.0.0.0/8\"]"),
 		field.JSON("ip_blacklist", []string{}).
 			Optional().
 			Comment("Blocked IPs/CIDRs"),
 		// ========== Quota fields ==========
 		// Quota limit in USD (0 = unlimited)
 		field.Float("quota").
 			SchemaType(map[string]string{dialect.Postgres: "decimal(20,8)"}).
 			Default(0).
 			Comment("Quota limit in USD for this API key (0 = unlimited)"),
 		// Used quota amount
 		field.Float("quota_used").
 			SchemaType(map[string]string{dialect.Postgres: "decimal(20,8)"}).
 			Default(0).
 			Comment("Used quota amount in USD"),
 		// Expiration time (nil = never expires)
 		field.Time("expires_at").
 			Optional().
 			Nillable().
 			Comment("Expiration time for this API key (null = never expires)"),
 	}
 }
@@ -77,5 +99,9 @@ func (APIKey) Indexes() []ent.Index {
 		index.Fields("group_id"),
 		index.Fields("status"),
 		index.Fields("deleted_at"),
 		index.Fields("last_used_at"),
 		// Index for quota queries
 		index.Fields("quota", "quota_used"),
 		index.Fields("expires_at"),
 	}
 }
--- a/backend/ent/schema/error_passthrough_rule.go
+++ b/backend/ent/schema/error_passthrough_rule.go
@@ -0,0 +1,127 @@
 // Package schema 定义 Ent ORM 的数据库 schema。
 package schema
 import (
 	"github.com/Wei-Shaw/sub2api/ent/schema/mixins"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect"
 	"entgo.io/ent/dialect/entsql"
 	"entgo.io/ent/schema"
 	"entgo.io/ent/schema/field"
 	"entgo.io/ent/schema/index"
 )
 // ErrorPassthroughRule 定义全局错误透传规则的 schema。
 //
 // 错误透传规则用于控制上游错误如何返回给客户端：
 //   - 匹配条件：错误码 + 关键词组合
 //   - 响应行为：透传原始信息 或 自定义错误信息
 //   - 响应状态码：可指定返回给客户端的状态码
 //   - 平台范围：规则适用的平台（Anthropic、OpenAI、Gemini、Antigravity）
 type ErrorPassthroughRule struct {
 	ent.Schema
 }
 // Annotations 返回 schema 的注解配置。
 func (ErrorPassthroughRule) Annotations() []schema.Annotation {
 	return []schema.Annotation{
 		entsql.Annotation{Table: "error_passthrough_rules"},
 	}
 }
 // Mixin 返回该 schema 使用的混入组件。
 func (ErrorPassthroughRule) Mixin() []ent.Mixin {
 	return []ent.Mixin{
 		mixins.TimeMixin{},
 	}
 }
 // Fields 定义错误透传规则实体的所有字段。
 func (ErrorPassthroughRule) Fields() []ent.Field {
 	return []ent.Field{
 		// name: 规则名称，用于在界面中标识规则
 		field.String("name").
 			MaxLen(100).
 			NotEmpty(),
 		// enabled: 是否启用该规则
 		field.Bool("enabled").
 			Default(true),
 		// priority: 规则优先级，数值越小优先级越高
 		// 匹配时按优先级顺序检查，命中第一个匹配的规则
 		field.Int("priority").
 			Default(0),
 		// error_codes: 匹配的错误码列表（OR关系）
 		// 例如：[422, 400] 表示匹配 422 或 400 错误码
 		field.JSON("error_codes", []int{}).
 			Optional().
 			SchemaType(map[string]string{dialect.Postgres: "jsonb"}),
 		// keywords: 匹配的关键词列表（OR关系）
 		// 例如：["context limit", "model not supported"]
 		// 关键词匹配不区分大小写
 		field.JSON("keywords", []string{}).
 			Optional().
 			SchemaType(map[string]string{dialect.Postgres: "jsonb"}),
 		// match_mode: 匹配模式
 		// - "any": 错误码匹配 OR 关键词匹配（任一条件满足即可）
 		// - "all": 错误码匹配 AND 关键词匹配（所有条件都必须满足）
 		field.String("match_mode").
 			MaxLen(10).
 			Default("any"),
 		// platforms: 适用平台列表
 		// 例如：["anthropic", "openai", "gemini", "antigravity"]
 		// 空列表表示适用于所有平台
 		field.JSON("platforms", []string{}).
 			Optional().
 			SchemaType(map[string]string{dialect.Postgres: "jsonb"}),
 		// passthrough_code: 是否透传上游原始状态码
 		// true: 使用上游返回的状态码
 		// false: 使用 response_code 指定的状态码
 		field.Bool("passthrough_code").
 			Default(true),
 		// response_code: 自定义响应状态码
 		// 当 passthrough_code=false 时使用此状态码
 		field.Int("response_code").
 			Optional().
 			Nillable(),
 		// passthrough_body: 是否透传上游原始错误信息
 		// true: 使用上游返回的错误信息
 		// false: 使用 custom_message 指定的错误信息
 		field.Bool("passthrough_body").
 			Default(true),
 		// custom_message: 自定义错误信息
 		// 当 passthrough_body=false 时使用此错误信息
 		field.Text("custom_message").
 			Optional().
 			Nillable(),
 		// skip_monitoring: 是否跳过运维监控记录
 		// true: 匹配此规则的错误不会被记录到 ops_error_logs
 		// false: 正常记录到运维监控（默认行为）
 		field.Bool("skip_monitoring").
 			Default(false),
 		// description: 规则描述，用于说明规则的用途
 		field.Text("description").
 			Optional().
 			Nillable(),
 	}
 }
 // Indexes 定义数据库索引，优化查询性能。
 func (ErrorPassthroughRule) Indexes() []ent.Index {
 	return []ent.Index{
 		index.Fields("enabled"),  // 筛选启用的规则
 		index.Fields("priority"), // 按优先级排序
 	}
 }
--- a/backend/ent/schema/group.go
+++ b/backend/ent/schema/group.go
@@ -2,7 +2,7 @@ package schema
 import (
 	"github.com/Wei-Shaw/sub2api/ent/schema/mixins"
-	"github.com/Wei-Shaw/sub2api/internal/service"
+	"github.com/Wei-Shaw/sub2api/internal/domain"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect"
@@ -49,15 +49,15 @@ func (Group) Fields() []ent.Field {
 			Default(false),
 		field.String("status").
 			MaxLen(20).
-			Default(service.StatusActive),
+			Default(domain.StatusActive),
 		// Subscription-related fields (added by migration 003)
 		field.String("platform").
 			MaxLen(50).
-			Default(service.PlatformAnthropic),
+			Default(domain.PlatformAnthropic),
 		field.String("subscription_type").
 			MaxLen(20).
-			Default(service.SubscriptionTypeStandard),
+			Default(domain.SubscriptionTypeStandard),
 		field.Float("daily_limit_usd").
 			Optional().
 			Nillable().
@@ -87,6 +87,24 @@ func (Group) Fields() []ent.Field {
 			Nillable().
 			SchemaType(map[string]string{dialect.Postgres: "decimal(20,8)"}),
 		// Sora 按次计费配置（阶段 1）
 		field.Float("sora_image_price_360").
 			Optional().
 			Nillable().
 			SchemaType(map[string]string{dialect.Postgres: "decimal(20,8)"}),
 		field.Float("sora_image_price_540").
 			Optional().
 			Nillable().
 			SchemaType(map[string]string{dialect.Postgres: "decimal(20,8)"}),
 		field.Float("sora_video_price_per_request").
 			Optional().
 			Nillable().
 			SchemaType(map[string]string{dialect.Postgres: "decimal(20,8)"}),
 		field.Float("sora_video_price_per_request_hd").
 			Optional().
 			Nillable().
 			SchemaType(map[string]string{dialect.Postgres: "decimal(20,8)"}),
 		// Claude Code 客户端限制 (added by migration 029)
 		field.Bool("claude_code_only").
 			Default(false).
@@ -95,6 +113,10 @@ func (Group) Fields() []ent.Field {
 			Optional().
 			Nillable().
 			Comment("非 Claude Code 请求降级使用的分组 ID"),
 		field.Int64("fallback_group_id_on_invalid_request").
 			Optional().
 			Nillable().
 			Comment("无效请求兜底使用的分组 ID"),
 		// 模型路由配置 (added by migration 040)
 		field.JSON("model_routing", map[string][]int64{}).
@@ -106,6 +128,22 @@ func (Group) Fields() []ent.Field {
 		field.Bool("model_routing_enabled").
 			Default(false).
 			Comment("是否启用模型路由配置"),
 		// MCP XML 协议注入开关 (added by migration 042)
 		field.Bool("mcp_xml_inject").
 			Default(true).
 			Comment("是否注入 MCP XML 调用协议提示词（仅 antigravity 平台）"),
 		// 支持的模型系列 (added by migration 046)
 		field.JSON("supported_model_scopes", []string{}).
 			Default([]string{"claude", "gemini_text", "gemini_image"}).
 			SchemaType(map[string]string{dialect.Postgres: "jsonb"}).
 			Comment("支持的模型系列：claude, gemini_text, gemini_image"),
 		// 分组排序 (added by migration 052)
 		field.Int("sort_order").
 			Default(0).
 			Comment("分组显示排序，数值越小越靠前"),
 	}
 }
@@ -134,5 +172,6 @@ func (Group) Indexes() []ent.Index {
 		index.Fields("subscription_type"),
 		index.Fields("is_exclusive"),
 		index.Fields("deleted_at"),
 		index.Fields("sort_order"),
 	}
 }
--- a/backend/ent/schema/idempotency_record.go
+++ b/backend/ent/schema/idempotency_record.go
@@ -0,0 +1,50 @@
 package schema
 import (
 	"github.com/Wei-Shaw/sub2api/ent/schema/mixins"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect/entsql"
 	"entgo.io/ent/schema"
 	"entgo.io/ent/schema/field"
 	"entgo.io/ent/schema/index"
 )
 // IdempotencyRecord 幂等请求记录表。
 type IdempotencyRecord struct {
 	ent.Schema
 }
 func (IdempotencyRecord) Annotations() []schema.Annotation {
 	return []schema.Annotation{
 		entsql.Annotation{Table: "idempotency_records"},
 	}
 }
 func (IdempotencyRecord) Mixin() []ent.Mixin {
 	return []ent.Mixin{
 		mixins.TimeMixin{},
 	}
 }
 func (IdempotencyRecord) Fields() []ent.Field {
 	return []ent.Field{
 		field.String("scope").MaxLen(128),
 		field.String("idempotency_key_hash").MaxLen(64),
 		field.String("request_fingerprint").MaxLen(64),
 		field.String("status").MaxLen(32),
 		field.Int("response_status").Optional().Nillable(),
 		field.String("response_body").Optional().Nillable(),
 		field.String("error_reason").MaxLen(128).Optional().Nillable(),
 		field.Time("locked_until").Optional().Nillable(),
 		field.Time("expires_at"),
 	}
 }
 func (IdempotencyRecord) Indexes() []ent.Index {
 	return []ent.Index{
 		index.Fields("scope", "idempotency_key_hash").Unique(),
 		index.Fields("expires_at"),
 		index.Fields("status", "locked_until"),
 	}
 }
--- a/backend/ent/schema/promo_code.go
+++ b/backend/ent/schema/promo_code.go
@@ -3,7 +3,7 @@ package schema
 import (
 	"time"
-	"github.com/Wei-Shaw/sub2api/internal/service"
+	"github.com/Wei-Shaw/sub2api/internal/domain"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect"
@@ -49,7 +49,7 @@ func (PromoCode) Fields() []ent.Field {
 			Comment("已使用次数"),
 		field.String("status").
 			MaxLen(20).
-			Default(service.PromoCodeStatusActive).
+			Default(domain.PromoCodeStatusActive).
 			Comment("状态: active, disabled"),
 		field.Time("expires_at").
 			Optional().
--- a/backend/ent/schema/redeem_code.go
+++ b/backend/ent/schema/redeem_code.go
@@ -3,7 +3,7 @@ package schema
 import (
 	"time"
-	"github.com/Wei-Shaw/sub2api/internal/service"
+	"github.com/Wei-Shaw/sub2api/internal/domain"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect"
@@ -41,13 +41,13 @@ func (RedeemCode) Fields() []ent.Field {
 			Unique(),
 		field.String("type").
 			MaxLen(20).
-			Default(service.RedeemTypeBalance),
+			Default(domain.RedeemTypeBalance),
 		field.Float("value").
 			SchemaType(map[string]string{dialect.Postgres: "decimal(20,8)"}).
 			Default(0),
 		field.String("status").
 			MaxLen(20).
-			Default(service.StatusUnused),
+			Default(domain.StatusUnused),
 		field.Int64("used_by").
 			Optional().
 			Nillable(),
--- a/backend/ent/schema/security_secret.go
+++ b/backend/ent/schema/security_secret.go
@@ -0,0 +1,42 @@
 package schema
 import (
 	"github.com/Wei-Shaw/sub2api/ent/schema/mixins"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect"
 	"entgo.io/ent/dialect/entsql"
 	"entgo.io/ent/schema"
 	"entgo.io/ent/schema/field"
 )
 // SecuritySecret 存储系统级安全密钥（如 JWT 签名密钥、TOTP 加密密钥）。
 type SecuritySecret struct {
 	ent.Schema
 }
 func (SecuritySecret) Annotations() []schema.Annotation {
 	return []schema.Annotation{
 		entsql.Annotation{Table: "security_secrets"},
 	}
 }
 func (SecuritySecret) Mixin() []ent.Mixin {
 	return []ent.Mixin{
 		mixins.TimeMixin{},
 	}
 }
 func (SecuritySecret) Fields() []ent.Field {
 	return []ent.Field{
 		field.String("key").
 			MaxLen(100).
 			NotEmpty().
 			Unique(),
 		field.String("value").
 			NotEmpty().
 			SchemaType(map[string]string{
 				dialect.Postgres: "text",
 			}),
 	}
 }
--- a/backend/ent/schema/usage_log.go
+++ b/backend/ent/schema/usage_log.go
@@ -118,6 +118,15 @@ func (UsageLog) Fields() []ent.Field {
 			MaxLen(10).
 			Optional().
 			Nillable(),
 		// 媒体类型字段（sora 使用）
 		field.String("media_type").
 			MaxLen(16).
 			Optional().
 			Nillable(),
 		// Cache TTL Override 标记（管理员强制替换了缓存 TTL 计费）
 		field.Bool("cache_ttl_overridden").
 			Default(false),
 		// 时间戳（只有 created_at，日志不可修改）
 		field.Time("created_at").
--- a/backend/ent/schema/user.go
+++ b/backend/ent/schema/user.go
@@ -2,7 +2,7 @@ package schema
 import (
 	"github.com/Wei-Shaw/sub2api/ent/schema/mixins"
-	"github.com/Wei-Shaw/sub2api/internal/service"
+	"github.com/Wei-Shaw/sub2api/internal/domain"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect"
@@ -43,7 +43,7 @@ func (User) Fields() []ent.Field {
 			NotEmpty(),
 		field.String("role").
 			MaxLen(20).
-			Default(service.RoleUser),
+			Default(domain.RoleUser),
 		field.Float("balance").
 			SchemaType(map[string]string{dialect.Postgres: "decimal(20,8)"}).
 			Default(0),
@@ -51,7 +51,7 @@ func (User) Fields() []ent.Field {
 			Default(5),
 		field.String("status").
 			MaxLen(20).
-			Default(service.StatusActive),
+			Default(domain.StatusActive),
 		// Optional profile fields (added later; default '' in DB migration)
 		field.String("username").
@@ -81,6 +81,7 @@ func (User) Edges() []ent.Edge {
 		edge.To("redeem_codes", RedeemCode.Type),
 		edge.To("subscriptions", UserSubscription.Type),
 		edge.To("assigned_subscriptions", UserSubscription.Type),
 		edge.To("announcement_reads", AnnouncementRead.Type),
 		edge.To("allowed_groups", Group.Type).
 			Through("user_allowed_groups", UserAllowedGroup.Type),
 		edge.To("usage_logs", UsageLog.Type),
--- a/backend/ent/schema/user_subscription.go
+++ b/backend/ent/schema/user_subscription.go
@@ -4,7 +4,7 @@ import (
 	"time"
 	"github.com/Wei-Shaw/sub2api/ent/schema/mixins"
-	"github.com/Wei-Shaw/sub2api/internal/service"
+	"github.com/Wei-Shaw/sub2api/internal/domain"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect"
@@ -44,7 +44,7 @@ func (UserSubscription) Fields() []ent.Field {
 			SchemaType(map[string]string{dialect.Postgres: "timestamptz"}),
 		field.String("status").
 			MaxLen(20).
-			Default(service.SubscriptionStatusActive),
+			Default(domain.SubscriptionStatusActive),
 		field.Time("daily_window_start").
 			Optional().
--- a/backend/ent/securitysecret.go
+++ b/backend/ent/securitysecret.go
@@ -0,0 +1,139 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"fmt"
 	"strings"
 	"time"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect/sql"
 	"github.com/Wei-Shaw/sub2api/ent/securitysecret"
 )
 // SecuritySecret is the model entity for the SecuritySecret schema.
 type SecuritySecret struct {
 	config `json:"-"`
 	// ID of the ent.
 	ID int64 `json:"id,omitempty"`
 	// CreatedAt holds the value of the "created_at" field.
 	CreatedAt time.Time `json:"created_at,omitempty"`
 	// UpdatedAt holds the value of the "updated_at" field.
 	UpdatedAt time.Time `json:"updated_at,omitempty"`
 	// Key holds the value of the "key" field.
 	Key string `json:"key,omitempty"`
 	// Value holds the value of the "value" field.
 	Value        string `json:"value,omitempty"`
 	selectValues sql.SelectValues
 }
 // scanValues returns the types for scanning values from sql.Rows.
 func (*SecuritySecret) scanValues(columns []string) ([]any, error) {
 	values := make([]any, len(columns))
 	for i := range columns {
 		switch columns[i] {
 		case securitysecret.FieldID:
 			values[i] = new(sql.NullInt64)
 		case securitysecret.FieldKey, securitysecret.FieldValue:
 			values[i] = new(sql.NullString)
 		case securitysecret.FieldCreatedAt, securitysecret.FieldUpdatedAt:
 			values[i] = new(sql.NullTime)
 		default:
 			values[i] = new(sql.UnknownType)
 		}
 	}
 	return values, nil
 }
 // assignValues assigns the values that were returned from sql.Rows (after scanning)
 // to the SecuritySecret fields.
 func (_m *SecuritySecret) assignValues(columns []string, values []any) error {
 	if m, n := len(values), len(columns); m < n {
 		return fmt.Errorf("mismatch number of scan values: %d != %d", m, n)
 	}
 	for i := range columns {
 		switch columns[i] {
 		case securitysecret.FieldID:
 			value, ok := values[i].(*sql.NullInt64)
 			if !ok {
 				return fmt.Errorf("unexpected type %T for field id", value)
 			}
 			_m.ID = int64(value.Int64)
 		case securitysecret.FieldCreatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field created_at", values[i])
 			} else if value.Valid {
 				_m.CreatedAt = value.Time
 			}
 		case securitysecret.FieldUpdatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field updated_at", values[i])
 			} else if value.Valid {
 				_m.UpdatedAt = value.Time
 			}
 		case securitysecret.FieldKey:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field key", values[i])
 			} else if value.Valid {
 				_m.Key = value.String
 			}
 		case securitysecret.FieldValue:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field value", values[i])
 			} else if value.Valid {
 				_m.Value = value.String
 			}
 		default:
 			_m.selectValues.Set(columns[i], values[i])
 		}
 	}
 	return nil
 }
 // GetValue returns the ent.Value that was dynamically selected and assigned to the SecuritySecret.
 // This includes values selected through modifiers, order, etc.
 func (_m *SecuritySecret) GetValue(name string) (ent.Value, error) {
 	return _m.selectValues.Get(name)
 }
 // Update returns a builder for updating this SecuritySecret.
 // Note that you need to call SecuritySecret.Unwrap() before calling this method if this SecuritySecret
 // was returned from a transaction, and the transaction was committed or rolled back.
 func (_m *SecuritySecret) Update() *SecuritySecretUpdateOne {
 	return NewSecuritySecretClient(_m.config).UpdateOne(_m)
 }
 // Unwrap unwraps the SecuritySecret entity that was returned from a transaction after it was closed,
 // so that all future queries will be executed through the driver which created the transaction.
 func (_m *SecuritySecret) Unwrap() *SecuritySecret {
 	_tx, ok := _m.config.driver.(*txDriver)
 	if !ok {
 		panic("ent: SecuritySecret is not a transactional entity")
 	}
 	_m.config.driver = _tx.drv
 	return _m
 }
 // String implements the fmt.Stringer.
 func (_m *SecuritySecret) String() string {
 	var builder strings.Builder
 	builder.WriteString("SecuritySecret(")
 	builder.WriteString(fmt.Sprintf("id=%v, ", _m.ID))
 	builder.WriteString("created_at=")
 	builder.WriteString(_m.CreatedAt.Format(time.ANSIC))
 	builder.WriteString(", ")
 	builder.WriteString("updated_at=")
 	builder.WriteString(_m.UpdatedAt.Format(time.ANSIC))
 	builder.WriteString(", ")
 	builder.WriteString("key=")
 	builder.WriteString(_m.Key)
 	builder.WriteString(", ")
 	builder.WriteString("value=")
 	builder.WriteString(_m.Value)
 	builder.WriteByte(')')
 	return builder.String()
 }
 // SecuritySecrets is a parsable slice of SecuritySecret.
 type SecuritySecrets []*SecuritySecret
--- a/backend/ent/securitysecret/securitysecret.go
+++ b/backend/ent/securitysecret/securitysecret.go
@@ -0,0 +1,86 @@
 // Code generated by ent, DO NOT EDIT.
 package securitysecret
 import (
 	"time"
 	"entgo.io/ent/dialect/sql"
 )
 const (
 	// Label holds the string label denoting the securitysecret type in the database.
 	Label = "security_secret"
 	// FieldID holds the string denoting the id field in the database.
 	FieldID = "id"
 	// FieldCreatedAt holds the string denoting the created_at field in the database.
 	FieldCreatedAt = "created_at"
 	// FieldUpdatedAt holds the string denoting the updated_at field in the database.
 	FieldUpdatedAt = "updated_at"
 	// FieldKey holds the string denoting the key field in the database.
 	FieldKey = "key"
 	// FieldValue holds the string denoting the value field in the database.
 	FieldValue = "value"
 	// Table holds the table name of the securitysecret in the database.
 	Table = "security_secrets"
 )
 // Columns holds all SQL columns for securitysecret fields.
 var Columns = []string{
 	FieldID,
 	FieldCreatedAt,
 	FieldUpdatedAt,
 	FieldKey,
 	FieldValue,
 }
 // ValidColumn reports if the column name is valid (part of the table columns).
 func ValidColumn(column string) bool {
 	for i := range Columns {
 		if column == Columns[i] {
 			return true
 		}
 	}
 	return false
 }
 var (
 	// DefaultCreatedAt holds the default value on creation for the "created_at" field.
 	DefaultCreatedAt func() time.Time
 	// DefaultUpdatedAt holds the default value on creation for the "updated_at" field.
 	DefaultUpdatedAt func() time.Time
 	// UpdateDefaultUpdatedAt holds the default value on update for the "updated_at" field.
 	UpdateDefaultUpdatedAt func() time.Time
 	// KeyValidator is a validator for the "key" field. It is called by the builders before save.
 	KeyValidator func(string) error
 	// ValueValidator is a validator for the "value" field. It is called by the builders before save.
 	ValueValidator func(string) error
 )
 // OrderOption defines the ordering options for the SecuritySecret queries.
 type OrderOption func(*sql.Selector)
 // ByID orders the results by the id field.
 func ByID(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldID, opts...).ToFunc()
 }
 // ByCreatedAt orders the results by the created_at field.
 func ByCreatedAt(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldCreatedAt, opts...).ToFunc()
 }
 // ByUpdatedAt orders the results by the updated_at field.
 func ByUpdatedAt(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldUpdatedAt, opts...).ToFunc()
 }
 // ByKey orders the results by the key field.
 func ByKey(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldKey, opts...).ToFunc()
 }
 // ByValue orders the results by the value field.
 func ByValue(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldValue, opts...).ToFunc()
 }
--- a/backend/ent/securitysecret/where.go
+++ b/backend/ent/securitysecret/where.go
@@ -0,0 +1,300 @@
 // Code generated by ent, DO NOT EDIT.
 package securitysecret
 import (
 	"time"
 	"entgo.io/ent/dialect/sql"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 )
 // ID filters vertices based on their ID field.
 func ID(id int64) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldEQ(FieldID, id))
 }
 // IDEQ applies the EQ predicate on the ID field.
 func IDEQ(id int64) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldEQ(FieldID, id))
 }
 // IDNEQ applies the NEQ predicate on the ID field.
 func IDNEQ(id int64) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldNEQ(FieldID, id))
 }
 // IDIn applies the In predicate on the ID field.
 func IDIn(ids ...int64) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldIn(FieldID, ids...))
 }
 // IDNotIn applies the NotIn predicate on the ID field.
 func IDNotIn(ids ...int64) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldNotIn(FieldID, ids...))
 }
 // IDGT applies the GT predicate on the ID field.
 func IDGT(id int64) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldGT(FieldID, id))
 }
 // IDGTE applies the GTE predicate on the ID field.
 func IDGTE(id int64) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldGTE(FieldID, id))
 }
 // IDLT applies the LT predicate on the ID field.
 func IDLT(id int64) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldLT(FieldID, id))
 }
 // IDLTE applies the LTE predicate on the ID field.
 func IDLTE(id int64) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldLTE(FieldID, id))
 }
 // CreatedAt applies equality check predicate on the "created_at" field. It's identical to CreatedAtEQ.
 func CreatedAt(v time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldEQ(FieldCreatedAt, v))
 }
 // UpdatedAt applies equality check predicate on the "updated_at" field. It's identical to UpdatedAtEQ.
 func UpdatedAt(v time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldEQ(FieldUpdatedAt, v))
 }
 // Key applies equality check predicate on the "key" field. It's identical to KeyEQ.
 func Key(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldEQ(FieldKey, v))
 }
 // Value applies equality check predicate on the "value" field. It's identical to ValueEQ.
 func Value(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldEQ(FieldValue, v))
 }
 // CreatedAtEQ applies the EQ predicate on the "created_at" field.
 func CreatedAtEQ(v time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldEQ(FieldCreatedAt, v))
 }
 // CreatedAtNEQ applies the NEQ predicate on the "created_at" field.
 func CreatedAtNEQ(v time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldNEQ(FieldCreatedAt, v))
 }
 // CreatedAtIn applies the In predicate on the "created_at" field.
 func CreatedAtIn(vs ...time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldIn(FieldCreatedAt, vs...))
 }
 // CreatedAtNotIn applies the NotIn predicate on the "created_at" field.
 func CreatedAtNotIn(vs ...time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldNotIn(FieldCreatedAt, vs...))
 }
 // CreatedAtGT applies the GT predicate on the "created_at" field.
 func CreatedAtGT(v time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldGT(FieldCreatedAt, v))
 }
 // CreatedAtGTE applies the GTE predicate on the "created_at" field.
 func CreatedAtGTE(v time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldGTE(FieldCreatedAt, v))
 }
 // CreatedAtLT applies the LT predicate on the "created_at" field.
 func CreatedAtLT(v time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldLT(FieldCreatedAt, v))
 }
 // CreatedAtLTE applies the LTE predicate on the "created_at" field.
 func CreatedAtLTE(v time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldLTE(FieldCreatedAt, v))
 }
 // UpdatedAtEQ applies the EQ predicate on the "updated_at" field.
 func UpdatedAtEQ(v time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldEQ(FieldUpdatedAt, v))
 }
 // UpdatedAtNEQ applies the NEQ predicate on the "updated_at" field.
 func UpdatedAtNEQ(v time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldNEQ(FieldUpdatedAt, v))
 }
 // UpdatedAtIn applies the In predicate on the "updated_at" field.
 func UpdatedAtIn(vs ...time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldIn(FieldUpdatedAt, vs...))
 }
 // UpdatedAtNotIn applies the NotIn predicate on the "updated_at" field.
 func UpdatedAtNotIn(vs ...time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldNotIn(FieldUpdatedAt, vs...))
 }
 // UpdatedAtGT applies the GT predicate on the "updated_at" field.
 func UpdatedAtGT(v time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldGT(FieldUpdatedAt, v))
 }
 // UpdatedAtGTE applies the GTE predicate on the "updated_at" field.
 func UpdatedAtGTE(v time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldGTE(FieldUpdatedAt, v))
 }
 // UpdatedAtLT applies the LT predicate on the "updated_at" field.
 func UpdatedAtLT(v time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldLT(FieldUpdatedAt, v))
 }
 // UpdatedAtLTE applies the LTE predicate on the "updated_at" field.
 func UpdatedAtLTE(v time.Time) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldLTE(FieldUpdatedAt, v))
 }
 // KeyEQ applies the EQ predicate on the "key" field.
 func KeyEQ(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldEQ(FieldKey, v))
 }
 // KeyNEQ applies the NEQ predicate on the "key" field.
 func KeyNEQ(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldNEQ(FieldKey, v))
 }
 // KeyIn applies the In predicate on the "key" field.
 func KeyIn(vs ...string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldIn(FieldKey, vs...))
 }
 // KeyNotIn applies the NotIn predicate on the "key" field.
 func KeyNotIn(vs ...string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldNotIn(FieldKey, vs...))
 }
 // KeyGT applies the GT predicate on the "key" field.
 func KeyGT(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldGT(FieldKey, v))
 }
 // KeyGTE applies the GTE predicate on the "key" field.
 func KeyGTE(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldGTE(FieldKey, v))
 }
 // KeyLT applies the LT predicate on the "key" field.
 func KeyLT(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldLT(FieldKey, v))
 }
 // KeyLTE applies the LTE predicate on the "key" field.
 func KeyLTE(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldLTE(FieldKey, v))
 }
 // KeyContains applies the Contains predicate on the "key" field.
 func KeyContains(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldContains(FieldKey, v))
 }
 // KeyHasPrefix applies the HasPrefix predicate on the "key" field.
 func KeyHasPrefix(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldHasPrefix(FieldKey, v))
 }
 // KeyHasSuffix applies the HasSuffix predicate on the "key" field.
 func KeyHasSuffix(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldHasSuffix(FieldKey, v))
 }
 // KeyEqualFold applies the EqualFold predicate on the "key" field.
 func KeyEqualFold(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldEqualFold(FieldKey, v))
 }
 // KeyContainsFold applies the ContainsFold predicate on the "key" field.
 func KeyContainsFold(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldContainsFold(FieldKey, v))
 }
 // ValueEQ applies the EQ predicate on the "value" field.
 func ValueEQ(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldEQ(FieldValue, v))
 }
 // ValueNEQ applies the NEQ predicate on the "value" field.
 func ValueNEQ(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldNEQ(FieldValue, v))
 }
 // ValueIn applies the In predicate on the "value" field.
 func ValueIn(vs ...string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldIn(FieldValue, vs...))
 }
 // ValueNotIn applies the NotIn predicate on the "value" field.
 func ValueNotIn(vs ...string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldNotIn(FieldValue, vs...))
 }
 // ValueGT applies the GT predicate on the "value" field.
 func ValueGT(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldGT(FieldValue, v))
 }
 // ValueGTE applies the GTE predicate on the "value" field.
 func ValueGTE(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldGTE(FieldValue, v))
 }
 // ValueLT applies the LT predicate on the "value" field.
 func ValueLT(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldLT(FieldValue, v))
 }
 // ValueLTE applies the LTE predicate on the "value" field.
 func ValueLTE(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldLTE(FieldValue, v))
 }
 // ValueContains applies the Contains predicate on the "value" field.
 func ValueContains(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldContains(FieldValue, v))
 }
 // ValueHasPrefix applies the HasPrefix predicate on the "value" field.
 func ValueHasPrefix(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldHasPrefix(FieldValue, v))
 }
 // ValueHasSuffix applies the HasSuffix predicate on the "value" field.
 func ValueHasSuffix(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldHasSuffix(FieldValue, v))
 }
 // ValueEqualFold applies the EqualFold predicate on the "value" field.
 func ValueEqualFold(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldEqualFold(FieldValue, v))
 }
 // ValueContainsFold applies the ContainsFold predicate on the "value" field.
 func ValueContainsFold(v string) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.FieldContainsFold(FieldValue, v))
 }
 // And groups predicates with the AND operator between them.
 func And(predicates ...predicate.SecuritySecret) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.AndPredicates(predicates...))
 }
 // Or groups predicates with the OR operator between them.
 func Or(predicates ...predicate.SecuritySecret) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.OrPredicates(predicates...))
 }
 // Not applies the not operator on the given predicate.
 func Not(p predicate.SecuritySecret) predicate.SecuritySecret {
 	return predicate.SecuritySecret(sql.NotPredicates(p))
 }
--- a/backend/ent/securitysecret_create.go
+++ b/backend/ent/securitysecret_create.go
@@ -0,0 +1,626 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"context"
 	"errors"
 	"fmt"
 	"time"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/securitysecret"
 )
 // SecuritySecretCreate is the builder for creating a SecuritySecret entity.
 type SecuritySecretCreate struct {
 	config
 	mutation *SecuritySecretMutation
 	hooks    []Hook
 	conflict []sql.ConflictOption
 }
 // SetCreatedAt sets the "created_at" field.
 func (_c *SecuritySecretCreate) SetCreatedAt(v time.Time) *SecuritySecretCreate {
 	_c.mutation.SetCreatedAt(v)
 	return _c
 }
 // SetNillableCreatedAt sets the "created_at" field if the given value is not nil.
 func (_c *SecuritySecretCreate) SetNillableCreatedAt(v *time.Time) *SecuritySecretCreate {
 	if v != nil {
 		_c.SetCreatedAt(*v)
 	}
 	return _c
 }
 // SetUpdatedAt sets the "updated_at" field.
 func (_c *SecuritySecretCreate) SetUpdatedAt(v time.Time) *SecuritySecretCreate {
 	_c.mutation.SetUpdatedAt(v)
 	return _c
 }
 // SetNillableUpdatedAt sets the "updated_at" field if the given value is not nil.
 func (_c *SecuritySecretCreate) SetNillableUpdatedAt(v *time.Time) *SecuritySecretCreate {
 	if v != nil {
 		_c.SetUpdatedAt(*v)
 	}
 	return _c
 }
 // SetKey sets the "key" field.
 func (_c *SecuritySecretCreate) SetKey(v string) *SecuritySecretCreate {
 	_c.mutation.SetKey(v)
 	return _c
 }
 // SetValue sets the "value" field.
 func (_c *SecuritySecretCreate) SetValue(v string) *SecuritySecretCreate {
 	_c.mutation.SetValue(v)
 	return _c
 }
 // Mutation returns the SecuritySecretMutation object of the builder.
 func (_c *SecuritySecretCreate) Mutation() *SecuritySecretMutation {
 	return _c.mutation
 }
 // Save creates the SecuritySecret in the database.
 func (_c *SecuritySecretCreate) Save(ctx context.Context) (*SecuritySecret, error) {
 	_c.defaults()
 	return withHooks(ctx, _c.sqlSave, _c.mutation, _c.hooks)
 }
 // SaveX calls Save and panics if Save returns an error.
 func (_c *SecuritySecretCreate) SaveX(ctx context.Context) *SecuritySecret {
 	v, err := _c.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return v
 }
 // Exec executes the query.
 func (_c *SecuritySecretCreate) Exec(ctx context.Context) error {
 	_, err := _c.Save(ctx)
 	return err
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_c *SecuritySecretCreate) ExecX(ctx context.Context) {
 	if err := _c.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 // defaults sets the default values of the builder before save.
 func (_c *SecuritySecretCreate) defaults() {
 	if _, ok := _c.mutation.CreatedAt(); !ok {
 		v := securitysecret.DefaultCreatedAt()
 		_c.mutation.SetCreatedAt(v)
 	}
 	if _, ok := _c.mutation.UpdatedAt(); !ok {
 		v := securitysecret.DefaultUpdatedAt()
 		_c.mutation.SetUpdatedAt(v)
 	}
 }
 // check runs all checks and user-defined validators on the builder.
 func (_c *SecuritySecretCreate) check() error {
 	if _, ok := _c.mutation.CreatedAt(); !ok {
 		return &ValidationError{Name: "created_at", err: errors.New(`ent: missing required field "SecuritySecret.created_at"`)}
 	}
 	if _, ok := _c.mutation.UpdatedAt(); !ok {
 		return &ValidationError{Name: "updated_at", err: errors.New(`ent: missing required field "SecuritySecret.updated_at"`)}
 	}
 	if _, ok := _c.mutation.Key(); !ok {
 		return &ValidationError{Name: "key", err: errors.New(`ent: missing required field "SecuritySecret.key"`)}
 	}
 	if v, ok := _c.mutation.Key(); ok {
 		if err := securitysecret.KeyValidator(v); err != nil {
 			return &ValidationError{Name: "key", err: fmt.Errorf(`ent: validator failed for field "SecuritySecret.key": %w`, err)}
 		}
 	}
 	if _, ok := _c.mutation.Value(); !ok {
 		return &ValidationError{Name: "value", err: errors.New(`ent: missing required field "SecuritySecret.value"`)}
 	}
 	if v, ok := _c.mutation.Value(); ok {
 		if err := securitysecret.ValueValidator(v); err != nil {
 			return &ValidationError{Name: "value", err: fmt.Errorf(`ent: validator failed for field "SecuritySecret.value": %w`, err)}
 		}
 	}
 	return nil
 }
 func (_c *SecuritySecretCreate) sqlSave(ctx context.Context) (*SecuritySecret, error) {
 	if err := _c.check(); err != nil {
 		return nil, err
 	}
 	_node, _spec := _c.createSpec()
 	if err := sqlgraph.CreateNode(ctx, _c.driver, _spec); err != nil {
 		if sqlgraph.IsConstraintError(err) {
 			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
 	id := _spec.ID.Value.(int64)
 	_node.ID = int64(id)
 	_c.mutation.id = &_node.ID
 	_c.mutation.done = true
 	return _node, nil
 }
 func (_c *SecuritySecretCreate) createSpec() (*SecuritySecret, *sqlgraph.CreateSpec) {
 	var (
 		_node = &SecuritySecret{config: _c.config}
 		_spec = sqlgraph.NewCreateSpec(securitysecret.Table, sqlgraph.NewFieldSpec(securitysecret.FieldID, field.TypeInt64))
 	)
 	_spec.OnConflict = _c.conflict
 	if value, ok := _c.mutation.CreatedAt(); ok {
 		_spec.SetField(securitysecret.FieldCreatedAt, field.TypeTime, value)
 		_node.CreatedAt = value
 	}
 	if value, ok := _c.mutation.UpdatedAt(); ok {
 		_spec.SetField(securitysecret.FieldUpdatedAt, field.TypeTime, value)
 		_node.UpdatedAt = value
 	}
 	if value, ok := _c.mutation.Key(); ok {
 		_spec.SetField(securitysecret.FieldKey, field.TypeString, value)
 		_node.Key = value
 	}
 	if value, ok := _c.mutation.Value(); ok {
 		_spec.SetField(securitysecret.FieldValue, field.TypeString, value)
 		_node.Value = value
 	}
 	return _node, _spec
 }
 // OnConflict allows configuring the `ON CONFLICT` / `ON DUPLICATE KEY` clause
 // of the `INSERT` statement. For example:
 //
 //	client.SecuritySecret.Create().
 //		SetCreatedAt(v).
 //		OnConflict(
 //			// Update the row with the new values
 //			// the was proposed for insertion.
 //			sql.ResolveWithNewValues(),
 //		).
 //		// Override some of the fields with custom
 //		// update values.
 //		Update(func(u *ent.SecuritySecretUpsert) {
 //			SetCreatedAt(v+v).
 //		}).
 //		Exec(ctx)
 func (_c *SecuritySecretCreate) OnConflict(opts ...sql.ConflictOption) *SecuritySecretUpsertOne {
 	_c.conflict = opts
 	return &SecuritySecretUpsertOne{
 		create: _c,
 	}
 }
 // OnConflictColumns calls `OnConflict` and configures the columns
 // as conflict target. Using this option is equivalent to using:
 //
 //	client.SecuritySecret.Create().
 //		OnConflict(sql.ConflictColumns(columns...)).
 //		Exec(ctx)
 func (_c *SecuritySecretCreate) OnConflictColumns(columns ...string) *SecuritySecretUpsertOne {
 	_c.conflict = append(_c.conflict, sql.ConflictColumns(columns...))
 	return &SecuritySecretUpsertOne{
 		create: _c,
 	}
 }
 type (
 	// SecuritySecretUpsertOne is the builder for "upsert"-ing
 	//  one SecuritySecret node.
 	SecuritySecretUpsertOne struct {
 		create *SecuritySecretCreate
 	}
 	// SecuritySecretUpsert is the "OnConflict" setter.
 	SecuritySecretUpsert struct {
 		*sql.UpdateSet
 	}
 )
 // SetUpdatedAt sets the "updated_at" field.
 func (u *SecuritySecretUpsert) SetUpdatedAt(v time.Time) *SecuritySecretUpsert {
 	u.Set(securitysecret.FieldUpdatedAt, v)
 	return u
 }
 // UpdateUpdatedAt sets the "updated_at" field to the value that was provided on create.
 func (u *SecuritySecretUpsert) UpdateUpdatedAt() *SecuritySecretUpsert {
 	u.SetExcluded(securitysecret.FieldUpdatedAt)
 	return u
 }
 // SetKey sets the "key" field.
 func (u *SecuritySecretUpsert) SetKey(v string) *SecuritySecretUpsert {
 	u.Set(securitysecret.FieldKey, v)
 	return u
 }
 // UpdateKey sets the "key" field to the value that was provided on create.
 func (u *SecuritySecretUpsert) UpdateKey() *SecuritySecretUpsert {
 	u.SetExcluded(securitysecret.FieldKey)
 	return u
 }
 // SetValue sets the "value" field.
 func (u *SecuritySecretUpsert) SetValue(v string) *SecuritySecretUpsert {
 	u.Set(securitysecret.FieldValue, v)
 	return u
 }
 // UpdateValue sets the "value" field to the value that was provided on create.
 func (u *SecuritySecretUpsert) UpdateValue() *SecuritySecretUpsert {
 	u.SetExcluded(securitysecret.FieldValue)
 	return u
 }
 // UpdateNewValues updates the mutable fields using the new values that were set on create.
 // Using this option is equivalent to using:
 //
 //	client.SecuritySecret.Create().
 //		OnConflict(
 //			sql.ResolveWithNewValues(),
 //		).
 //		Exec(ctx)
 func (u *SecuritySecretUpsertOne) UpdateNewValues() *SecuritySecretUpsertOne {
 	u.create.conflict = append(u.create.conflict, sql.ResolveWithNewValues())
 	u.create.conflict = append(u.create.conflict, sql.ResolveWith(func(s *sql.UpdateSet) {
 		if _, exists := u.create.mutation.CreatedAt(); exists {
 			s.SetIgnore(securitysecret.FieldCreatedAt)
 		}
 	}))
 	return u
 }
 // Ignore sets each column to itself in case of conflict.
 // Using this option is equivalent to using:
 //
 //	client.SecuritySecret.Create().
 //	    OnConflict(sql.ResolveWithIgnore()).
 //	    Exec(ctx)
 func (u *SecuritySecretUpsertOne) Ignore() *SecuritySecretUpsertOne {
 	u.create.conflict = append(u.create.conflict, sql.ResolveWithIgnore())
 	return u
 }
 // DoNothing configures the conflict_action to `DO NOTHING`.
 // Supported only by SQLite and PostgreSQL.
 func (u *SecuritySecretUpsertOne) DoNothing() *SecuritySecretUpsertOne {
 	u.create.conflict = append(u.create.conflict, sql.DoNothing())
 	return u
 }
 // Update allows overriding fields `UPDATE` values. See the SecuritySecretCreate.OnConflict
 // documentation for more info.
 func (u *SecuritySecretUpsertOne) Update(set func(*SecuritySecretUpsert)) *SecuritySecretUpsertOne {
 	u.create.conflict = append(u.create.conflict, sql.ResolveWith(func(update *sql.UpdateSet) {
 		set(&SecuritySecretUpsert{UpdateSet: update})
 	}))
 	return u
 }
 // SetUpdatedAt sets the "updated_at" field.
 func (u *SecuritySecretUpsertOne) SetUpdatedAt(v time.Time) *SecuritySecretUpsertOne {
 	return u.Update(func(s *SecuritySecretUpsert) {
 		s.SetUpdatedAt(v)
 	})
 }
 // UpdateUpdatedAt sets the "updated_at" field to the value that was provided on create.
 func (u *SecuritySecretUpsertOne) UpdateUpdatedAt() *SecuritySecretUpsertOne {
 	return u.Update(func(s *SecuritySecretUpsert) {
 		s.UpdateUpdatedAt()
 	})
 }
 // SetKey sets the "key" field.
 func (u *SecuritySecretUpsertOne) SetKey(v string) *SecuritySecretUpsertOne {
 	return u.Update(func(s *SecuritySecretUpsert) {
 		s.SetKey(v)
 	})
 }
 // UpdateKey sets the "key" field to the value that was provided on create.
 func (u *SecuritySecretUpsertOne) UpdateKey() *SecuritySecretUpsertOne {
 	return u.Update(func(s *SecuritySecretUpsert) {
 		s.UpdateKey()
 	})
 }
 // SetValue sets the "value" field.
 func (u *SecuritySecretUpsertOne) SetValue(v string) *SecuritySecretUpsertOne {
 	return u.Update(func(s *SecuritySecretUpsert) {
 		s.SetValue(v)
 	})
 }
 // UpdateValue sets the "value" field to the value that was provided on create.
 func (u *SecuritySecretUpsertOne) UpdateValue() *SecuritySecretUpsertOne {
 	return u.Update(func(s *SecuritySecretUpsert) {
 		s.UpdateValue()
 	})
 }
 // Exec executes the query.
 func (u *SecuritySecretUpsertOne) Exec(ctx context.Context) error {
 	if len(u.create.conflict) == 0 {
 		return errors.New("ent: missing options for SecuritySecretCreate.OnConflict")
 	}
 	return u.create.Exec(ctx)
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (u *SecuritySecretUpsertOne) ExecX(ctx context.Context) {
 	if err := u.create.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 // Exec executes the UPSERT query and returns the inserted/updated ID.
 func (u *SecuritySecretUpsertOne) ID(ctx context.Context) (id int64, err error) {
 	node, err := u.create.Save(ctx)
 	if err != nil {
 		return id, err
 	}
 	return node.ID, nil
 }
 // IDX is like ID, but panics if an error occurs.
 func (u *SecuritySecretUpsertOne) IDX(ctx context.Context) int64 {
 	id, err := u.ID(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return id
 }
 // SecuritySecretCreateBulk is the builder for creating many SecuritySecret entities in bulk.
 type SecuritySecretCreateBulk struct {
 	config
 	err      error
 	builders []*SecuritySecretCreate
 	conflict []sql.ConflictOption
 }
 // Save creates the SecuritySecret entities in the database.
 func (_c *SecuritySecretCreateBulk) Save(ctx context.Context) ([]*SecuritySecret, error) {
 	if _c.err != nil {
 		return nil, _c.err
 	}
 	specs := make([]*sqlgraph.CreateSpec, len(_c.builders))
 	nodes := make([]*SecuritySecret, len(_c.builders))
 	mutators := make([]Mutator, len(_c.builders))
 	for i := range _c.builders {
 		func(i int, root context.Context) {
 			builder := _c.builders[i]
 			builder.defaults()
 			var mut Mutator = MutateFunc(func(ctx context.Context, m Mutation) (Value, error) {
 				mutation, ok := m.(*SecuritySecretMutation)
 				if !ok {
 					return nil, fmt.Errorf("unexpected mutation type %T", m)
 				}
 				if err := builder.check(); err != nil {
 					return nil, err
 				}
 				builder.mutation = mutation
 				var err error
 				nodes[i], specs[i] = builder.createSpec()
 				if i < len(mutators)-1 {
 					_, err = mutators[i+1].Mutate(root, _c.builders[i+1].mutation)
 				} else {
 					spec := &sqlgraph.BatchCreateSpec{Nodes: specs}
 					spec.OnConflict = _c.conflict
 					// Invoke the actual operation on the latest mutation in the chain.
 					if err = sqlgraph.BatchCreate(ctx, _c.driver, spec); err != nil {
 						if sqlgraph.IsConstraintError(err) {
 							err = &ConstraintError{msg: err.Error(), wrap: err}
 						}
 					}
 				}
 				if err != nil {
 					return nil, err
 				}
 				mutation.id = &nodes[i].ID
 				if specs[i].ID.Value != nil {
 					id := specs[i].ID.Value.(int64)
 					nodes[i].ID = int64(id)
 				}
 				mutation.done = true
 				return nodes[i], nil
 			})
 			for i := len(builder.hooks) - 1; i >= 0; i-- {
 				mut = builder.hooks[i](mut)
 			}
 			mutators[i] = mut
 		}(i, ctx)
 	}
 	if len(mutators) > 0 {
 		if _, err := mutators[0].Mutate(ctx, _c.builders[0].mutation); err != nil {
 			return nil, err
 		}
 	}
 	return nodes, nil
 }
 // SaveX is like Save, but panics if an error occurs.
 func (_c *SecuritySecretCreateBulk) SaveX(ctx context.Context) []*SecuritySecret {
 	v, err := _c.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return v
 }
 // Exec executes the query.
 func (_c *SecuritySecretCreateBulk) Exec(ctx context.Context) error {
 	_, err := _c.Save(ctx)
 	return err
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_c *SecuritySecretCreateBulk) ExecX(ctx context.Context) {
 	if err := _c.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 // OnConflict allows configuring the `ON CONFLICT` / `ON DUPLICATE KEY` clause
 // of the `INSERT` statement. For example:
 //
 //	client.SecuritySecret.CreateBulk(builders...).
 //		OnConflict(
 //			// Update the row with the new values
 //			// the was proposed for insertion.
 //			sql.ResolveWithNewValues(),
 //		).
 //		// Override some of the fields with custom
 //		// update values.
 //		Update(func(u *ent.SecuritySecretUpsert) {
 //			SetCreatedAt(v+v).
 //		}).
 //		Exec(ctx)
 func (_c *SecuritySecretCreateBulk) OnConflict(opts ...sql.ConflictOption) *SecuritySecretUpsertBulk {
 	_c.conflict = opts
 	return &SecuritySecretUpsertBulk{
 		create: _c,
 	}
 }
 // OnConflictColumns calls `OnConflict` and configures the columns
 // as conflict target. Using this option is equivalent to using:
 //
 //	client.SecuritySecret.Create().
 //		OnConflict(sql.ConflictColumns(columns...)).
 //		Exec(ctx)
 func (_c *SecuritySecretCreateBulk) OnConflictColumns(columns ...string) *SecuritySecretUpsertBulk {
 	_c.conflict = append(_c.conflict, sql.ConflictColumns(columns...))
 	return &SecuritySecretUpsertBulk{
 		create: _c,
 	}
 }
 // SecuritySecretUpsertBulk is the builder for "upsert"-ing
 // a bulk of SecuritySecret nodes.
 type SecuritySecretUpsertBulk struct {
 	create *SecuritySecretCreateBulk
 }
 // UpdateNewValues updates the mutable fields using the new values that
 // were set on create. Using this option is equivalent to using:
 //
 //	client.SecuritySecret.Create().
 //		OnConflict(
 //			sql.ResolveWithNewValues(),
 //		).
 //		Exec(ctx)
 func (u *SecuritySecretUpsertBulk) UpdateNewValues() *SecuritySecretUpsertBulk {
 	u.create.conflict = append(u.create.conflict, sql.ResolveWithNewValues())
 	u.create.conflict = append(u.create.conflict, sql.ResolveWith(func(s *sql.UpdateSet) {
 		for _, b := range u.create.builders {
 			if _, exists := b.mutation.CreatedAt(); exists {
 				s.SetIgnore(securitysecret.FieldCreatedAt)
 			}
 		}
 	}))
 	return u
 }
 // Ignore sets each column to itself in case of conflict.
 // Using this option is equivalent to using:
 //
 //	client.SecuritySecret.Create().
 //		OnConflict(sql.ResolveWithIgnore()).
 //		Exec(ctx)
 func (u *SecuritySecretUpsertBulk) Ignore() *SecuritySecretUpsertBulk {
 	u.create.conflict = append(u.create.conflict, sql.ResolveWithIgnore())
 	return u
 }
 // DoNothing configures the conflict_action to `DO NOTHING`.
 // Supported only by SQLite and PostgreSQL.
 func (u *SecuritySecretUpsertBulk) DoNothing() *SecuritySecretUpsertBulk {
 	u.create.conflict = append(u.create.conflict, sql.DoNothing())
 	return u
 }
 // Update allows overriding fields `UPDATE` values. See the SecuritySecretCreateBulk.OnConflict
 // documentation for more info.
 func (u *SecuritySecretUpsertBulk) Update(set func(*SecuritySecretUpsert)) *SecuritySecretUpsertBulk {
 	u.create.conflict = append(u.create.conflict, sql.ResolveWith(func(update *sql.UpdateSet) {
 		set(&SecuritySecretUpsert{UpdateSet: update})
 	}))
 	return u
 }
 // SetUpdatedAt sets the "updated_at" field.
 func (u *SecuritySecretUpsertBulk) SetUpdatedAt(v time.Time) *SecuritySecretUpsertBulk {
 	return u.Update(func(s *SecuritySecretUpsert) {
 		s.SetUpdatedAt(v)
 	})
 }
 // UpdateUpdatedAt sets the "updated_at" field to the value that was provided on create.
 func (u *SecuritySecretUpsertBulk) UpdateUpdatedAt() *SecuritySecretUpsertBulk {
 	return u.Update(func(s *SecuritySecretUpsert) {
 		s.UpdateUpdatedAt()
 	})
 }
 // SetKey sets the "key" field.
 func (u *SecuritySecretUpsertBulk) SetKey(v string) *SecuritySecretUpsertBulk {
 	return u.Update(func(s *SecuritySecretUpsert) {
 		s.SetKey(v)
 	})
 }
 // UpdateKey sets the "key" field to the value that was provided on create.
 func (u *SecuritySecretUpsertBulk) UpdateKey() *SecuritySecretUpsertBulk {
 	return u.Update(func(s *SecuritySecretUpsert) {
 		s.UpdateKey()
 	})
 }
 // SetValue sets the "value" field.
 func (u *SecuritySecretUpsertBulk) SetValue(v string) *SecuritySecretUpsertBulk {
 	return u.Update(func(s *SecuritySecretUpsert) {
 		s.SetValue(v)
 	})
 }
 // UpdateValue sets the "value" field to the value that was provided on create.
 func (u *SecuritySecretUpsertBulk) UpdateValue() *SecuritySecretUpsertBulk {
 	return u.Update(func(s *SecuritySecretUpsert) {
 		s.UpdateValue()
 	})
 }
 // Exec executes the query.
 func (u *SecuritySecretUpsertBulk) Exec(ctx context.Context) error {
 	if u.create.err != nil {
 		return u.create.err
 	}
 	for i, b := range u.create.builders {
 		if len(b.conflict) != 0 {
 			return fmt.Errorf("ent: OnConflict was set for builder %d. Set it on the SecuritySecretCreateBulk instead", i)
 		}
 	}
 	if len(u.create.conflict) == 0 {
 		return errors.New("ent: missing options for SecuritySecretCreateBulk.OnConflict")
 	}
 	return u.create.Exec(ctx)
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (u *SecuritySecretUpsertBulk) ExecX(ctx context.Context) {
 	if err := u.create.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
--- a/backend/ent/securitysecret_delete.go
+++ b/backend/ent/securitysecret_delete.go
@@ -0,0 +1,88 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"context"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 	"github.com/Wei-Shaw/sub2api/ent/securitysecret"
 )
 // SecuritySecretDelete is the builder for deleting a SecuritySecret entity.
 type SecuritySecretDelete struct {
 	config
 	hooks    []Hook
 	mutation *SecuritySecretMutation
 }
 // Where appends a list predicates to the SecuritySecretDelete builder.
 func (_d *SecuritySecretDelete) Where(ps ...predicate.SecuritySecret) *SecuritySecretDelete {
 	_d.mutation.Where(ps...)
 	return _d
 }
 // Exec executes the deletion query and returns how many vertices were deleted.
 func (_d *SecuritySecretDelete) Exec(ctx context.Context) (int, error) {
 	return withHooks(ctx, _d.sqlExec, _d.mutation, _d.hooks)
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_d *SecuritySecretDelete) ExecX(ctx context.Context) int {
 	n, err := _d.Exec(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return n
 }
 func (_d *SecuritySecretDelete) sqlExec(ctx context.Context) (int, error) {
 	_spec := sqlgraph.NewDeleteSpec(securitysecret.Table, sqlgraph.NewFieldSpec(securitysecret.FieldID, field.TypeInt64))
 	if ps := _d.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	affected, err := sqlgraph.DeleteNodes(ctx, _d.driver, _spec)
 	if err != nil && sqlgraph.IsConstraintError(err) {
 		err = &ConstraintError{msg: err.Error(), wrap: err}
 	}
 	_d.mutation.done = true
 	return affected, err
 }
 // SecuritySecretDeleteOne is the builder for deleting a single SecuritySecret entity.
 type SecuritySecretDeleteOne struct {
 	_d *SecuritySecretDelete
 }
 // Where appends a list predicates to the SecuritySecretDelete builder.
 func (_d *SecuritySecretDeleteOne) Where(ps ...predicate.SecuritySecret) *SecuritySecretDeleteOne {
 	_d._d.mutation.Where(ps...)
 	return _d
 }
 // Exec executes the deletion query.
 func (_d *SecuritySecretDeleteOne) Exec(ctx context.Context) error {
 	n, err := _d._d.Exec(ctx)
 	switch {
 	case err != nil:
 		return err
 	case n == 0:
 		return &NotFoundError{securitysecret.Label}
 	default:
 		return nil
 	}
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_d *SecuritySecretDeleteOne) ExecX(ctx context.Context) {
 	if err := _d.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
--- a/backend/ent/securitysecret_query.go
+++ b/backend/ent/securitysecret_query.go
@@ -0,0 +1,564 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"context"
 	"fmt"
 	"math"
 	"entgo.io/ent"
 	"entgo.io/ent/dialect"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 	"github.com/Wei-Shaw/sub2api/ent/securitysecret"
 )
 // SecuritySecretQuery is the builder for querying SecuritySecret entities.
 type SecuritySecretQuery struct {
 	config
 	ctx        *QueryContext
 	order      []securitysecret.OrderOption
 	inters     []Interceptor
 	predicates []predicate.SecuritySecret
 	modifiers  []func(*sql.Selector)
 	// intermediate query (i.e. traversal path).
 	sql  *sql.Selector
 	path func(context.Context) (*sql.Selector, error)
 }
 // Where adds a new predicate for the SecuritySecretQuery builder.
 func (_q *SecuritySecretQuery) Where(ps ...predicate.SecuritySecret) *SecuritySecretQuery {
 	_q.predicates = append(_q.predicates, ps...)
 	return _q
 }
 // Limit the number of records to be returned by this query.
 func (_q *SecuritySecretQuery) Limit(limit int) *SecuritySecretQuery {
 	_q.ctx.Limit = &limit
 	return _q
 }
 // Offset to start from.
 func (_q *SecuritySecretQuery) Offset(offset int) *SecuritySecretQuery {
 	_q.ctx.Offset = &offset
 	return _q
 }
 // Unique configures the query builder to filter duplicate records on query.
 // By default, unique is set to true, and can be disabled using this method.
 func (_q *SecuritySecretQuery) Unique(unique bool) *SecuritySecretQuery {
 	_q.ctx.Unique = &unique
 	return _q
 }
 // Order specifies how the records should be ordered.
 func (_q *SecuritySecretQuery) Order(o ...securitysecret.OrderOption) *SecuritySecretQuery {
 	_q.order = append(_q.order, o...)
 	return _q
 }
 // First returns the first SecuritySecret entity from the query.
 // Returns a *NotFoundError when no SecuritySecret was found.
 func (_q *SecuritySecretQuery) First(ctx context.Context) (*SecuritySecret, error) {
 	nodes, err := _q.Limit(1).All(setContextOp(ctx, _q.ctx, ent.OpQueryFirst))
 	if err != nil {
 		return nil, err
 	}
 	if len(nodes) == 0 {
 		return nil, &NotFoundError{securitysecret.Label}
 	}
 	return nodes[0], nil
 }
 // FirstX is like First, but panics if an error occurs.
 func (_q *SecuritySecretQuery) FirstX(ctx context.Context) *SecuritySecret {
 	node, err := _q.First(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
 	return node
 }
 // FirstID returns the first SecuritySecret ID from the query.
 // Returns a *NotFoundError when no SecuritySecret ID was found.
 func (_q *SecuritySecretQuery) FirstID(ctx context.Context) (id int64, err error) {
 	var ids []int64
 	if ids, err = _q.Limit(1).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryFirstID)); err != nil {
 		return
 	}
 	if len(ids) == 0 {
 		err = &NotFoundError{securitysecret.Label}
 		return
 	}
 	return ids[0], nil
 }
 // FirstIDX is like FirstID, but panics if an error occurs.
 func (_q *SecuritySecretQuery) FirstIDX(ctx context.Context) int64 {
 	id, err := _q.FirstID(ctx)
 	if err != nil && !IsNotFound(err) {
 		panic(err)
 	}
 	return id
 }
 // Only returns a single SecuritySecret entity found by the query, ensuring it only returns one.
 // Returns a *NotSingularError when more than one SecuritySecret entity is found.
 // Returns a *NotFoundError when no SecuritySecret entities are found.
 func (_q *SecuritySecretQuery) Only(ctx context.Context) (*SecuritySecret, error) {
 	nodes, err := _q.Limit(2).All(setContextOp(ctx, _q.ctx, ent.OpQueryOnly))
 	if err != nil {
 		return nil, err
 	}
 	switch len(nodes) {
 	case 1:
 		return nodes[0], nil
 	case 0:
 		return nil, &NotFoundError{securitysecret.Label}
 	default:
 		return nil, &NotSingularError{securitysecret.Label}
 	}
 }
 // OnlyX is like Only, but panics if an error occurs.
 func (_q *SecuritySecretQuery) OnlyX(ctx context.Context) *SecuritySecret {
 	node, err := _q.Only(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return node
 }
 // OnlyID is like Only, but returns the only SecuritySecret ID in the query.
 // Returns a *NotSingularError when more than one SecuritySecret ID is found.
 // Returns a *NotFoundError when no entities are found.
 func (_q *SecuritySecretQuery) OnlyID(ctx context.Context) (id int64, err error) {
 	var ids []int64
 	if ids, err = _q.Limit(2).IDs(setContextOp(ctx, _q.ctx, ent.OpQueryOnlyID)); err != nil {
 		return
 	}
 	switch len(ids) {
 	case 1:
 		id = ids[0]
 	case 0:
 		err = &NotFoundError{securitysecret.Label}
 	default:
 		err = &NotSingularError{securitysecret.Label}
 	}
 	return
 }
 // OnlyIDX is like OnlyID, but panics if an error occurs.
 func (_q *SecuritySecretQuery) OnlyIDX(ctx context.Context) int64 {
 	id, err := _q.OnlyID(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return id
 }
 // All executes the query and returns a list of SecuritySecrets.
 func (_q *SecuritySecretQuery) All(ctx context.Context) ([]*SecuritySecret, error) {
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryAll)
 	if err := _q.prepareQuery(ctx); err != nil {
 		return nil, err
 	}
 	qr := querierAll[[]*SecuritySecret, *SecuritySecretQuery]()
 	return withInterceptors[[]*SecuritySecret](ctx, _q, qr, _q.inters)
 }
 // AllX is like All, but panics if an error occurs.
 func (_q *SecuritySecretQuery) AllX(ctx context.Context) []*SecuritySecret {
 	nodes, err := _q.All(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return nodes
 }
 // IDs executes the query and returns a list of SecuritySecret IDs.
 func (_q *SecuritySecretQuery) IDs(ctx context.Context) (ids []int64, err error) {
 	if _q.ctx.Unique == nil && _q.path != nil {
 		_q.Unique(true)
 	}
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryIDs)
 	if err = _q.Select(securitysecret.FieldID).Scan(ctx, &ids); err != nil {
 		return nil, err
 	}
 	return ids, nil
 }
 // IDsX is like IDs, but panics if an error occurs.
 func (_q *SecuritySecretQuery) IDsX(ctx context.Context) []int64 {
 	ids, err := _q.IDs(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return ids
 }
 // Count returns the count of the given query.
 func (_q *SecuritySecretQuery) Count(ctx context.Context) (int, error) {
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryCount)
 	if err := _q.prepareQuery(ctx); err != nil {
 		return 0, err
 	}
 	return withInterceptors[int](ctx, _q, querierCount[*SecuritySecretQuery](), _q.inters)
 }
 // CountX is like Count, but panics if an error occurs.
 func (_q *SecuritySecretQuery) CountX(ctx context.Context) int {
 	count, err := _q.Count(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return count
 }
 // Exist returns true if the query has elements in the graph.
 func (_q *SecuritySecretQuery) Exist(ctx context.Context) (bool, error) {
 	ctx = setContextOp(ctx, _q.ctx, ent.OpQueryExist)
 	switch _, err := _q.FirstID(ctx); {
 	case IsNotFound(err):
 		return false, nil
 	case err != nil:
 		return false, fmt.Errorf("ent: check existence: %w", err)
 	default:
 		return true, nil
 	}
 }
 // ExistX is like Exist, but panics if an error occurs.
 func (_q *SecuritySecretQuery) ExistX(ctx context.Context) bool {
 	exist, err := _q.Exist(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return exist
 }
 // Clone returns a duplicate of the SecuritySecretQuery builder, including all associated steps. It can be
 // used to prepare common query builders and use them differently after the clone is made.
 func (_q *SecuritySecretQuery) Clone() *SecuritySecretQuery {
 	if _q == nil {
 		return nil
 	}
 	return &SecuritySecretQuery{
 		config:     _q.config,
 		ctx:        _q.ctx.Clone(),
 		order:      append([]securitysecret.OrderOption{}, _q.order...),
 		inters:     append([]Interceptor{}, _q.inters...),
 		predicates: append([]predicate.SecuritySecret{}, _q.predicates...),
 		// clone intermediate query.
 		sql:  _q.sql.Clone(),
 		path: _q.path,
 	}
 }
 // GroupBy is used to group vertices by one or more fields/columns.
 // It is often used with aggregate functions, like: count, max, mean, min, sum.
 //
 // Example:
 //
 //	var v []struct {
 //		CreatedAt time.Time `json:"created_at,omitempty"`
 //		Count int `json:"count,omitempty"`
 //	}
 //
 //	client.SecuritySecret.Query().
 //		GroupBy(securitysecret.FieldCreatedAt).
 //		Aggregate(ent.Count()).
 //		Scan(ctx, &v)
 func (_q *SecuritySecretQuery) GroupBy(field string, fields ...string) *SecuritySecretGroupBy {
 	_q.ctx.Fields = append([]string{field}, fields...)
 	grbuild := &SecuritySecretGroupBy{build: _q}
 	grbuild.flds = &_q.ctx.Fields
 	grbuild.label = securitysecret.Label
 	grbuild.scan = grbuild.Scan
 	return grbuild
 }
 // Select allows the selection one or more fields/columns for the given query,
 // instead of selecting all fields in the entity.
 //
 // Example:
 //
 //	var v []struct {
 //		CreatedAt time.Time `json:"created_at,omitempty"`
 //	}
 //
 //	client.SecuritySecret.Query().
 //		Select(securitysecret.FieldCreatedAt).
 //		Scan(ctx, &v)
 func (_q *SecuritySecretQuery) Select(fields ...string) *SecuritySecretSelect {
 	_q.ctx.Fields = append(_q.ctx.Fields, fields...)
 	sbuild := &SecuritySecretSelect{SecuritySecretQuery: _q}
 	sbuild.label = securitysecret.Label
 	sbuild.flds, sbuild.scan = &_q.ctx.Fields, sbuild.Scan
 	return sbuild
 }
 // Aggregate returns a SecuritySecretSelect configured with the given aggregations.
 func (_q *SecuritySecretQuery) Aggregate(fns ...AggregateFunc) *SecuritySecretSelect {
 	return _q.Select().Aggregate(fns...)
 }
 func (_q *SecuritySecretQuery) prepareQuery(ctx context.Context) error {
 	for _, inter := range _q.inters {
 		if inter == nil {
 			return fmt.Errorf("ent: uninitialized interceptor (forgotten import ent/runtime?)")
 		}
 		if trv, ok := inter.(Traverser); ok {
 			if err := trv.Traverse(ctx, _q); err != nil {
 				return err
 			}
 		}
 	}
 	for _, f := range _q.ctx.Fields {
 		if !securitysecret.ValidColumn(f) {
 			return &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
 		}
 	}
 	if _q.path != nil {
 		prev, err := _q.path(ctx)
 		if err != nil {
 			return err
 		}
 		_q.sql = prev
 	}
 	return nil
 }
 func (_q *SecuritySecretQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*SecuritySecret, error) {
 	var (
 		nodes = []*SecuritySecret{}
 		_spec = _q.querySpec()
 	)
 	_spec.ScanValues = func(columns []string) ([]any, error) {
 		return (*SecuritySecret).scanValues(nil, columns)
 	}
 	_spec.Assign = func(columns []string, values []any) error {
 		node := &SecuritySecret{config: _q.config}
 		nodes = append(nodes, node)
 		return node.assignValues(columns, values)
 	}
 	if len(_q.modifiers) > 0 {
 		_spec.Modifiers = _q.modifiers
 	}
 	for i := range hooks {
 		hooks[i](ctx, _spec)
 	}
 	if err := sqlgraph.QueryNodes(ctx, _q.driver, _spec); err != nil {
 		return nil, err
 	}
 	if len(nodes) == 0 {
 		return nodes, nil
 	}
 	return nodes, nil
 }
 func (_q *SecuritySecretQuery) sqlCount(ctx context.Context) (int, error) {
 	_spec := _q.querySpec()
 	if len(_q.modifiers) > 0 {
 		_spec.Modifiers = _q.modifiers
 	}
 	_spec.Node.Columns = _q.ctx.Fields
 	if len(_q.ctx.Fields) > 0 {
 		_spec.Unique = _q.ctx.Unique != nil && *_q.ctx.Unique
 	}
 	return sqlgraph.CountNodes(ctx, _q.driver, _spec)
 }
 func (_q *SecuritySecretQuery) querySpec() *sqlgraph.QuerySpec {
 	_spec := sqlgraph.NewQuerySpec(securitysecret.Table, securitysecret.Columns, sqlgraph.NewFieldSpec(securitysecret.FieldID, field.TypeInt64))
 	_spec.From = _q.sql
 	if unique := _q.ctx.Unique; unique != nil {
 		_spec.Unique = *unique
 	} else if _q.path != nil {
 		_spec.Unique = true
 	}
 	if fields := _q.ctx.Fields; len(fields) > 0 {
 		_spec.Node.Columns = make([]string, 0, len(fields))
 		_spec.Node.Columns = append(_spec.Node.Columns, securitysecret.FieldID)
 		for i := range fields {
 			if fields[i] != securitysecret.FieldID {
 				_spec.Node.Columns = append(_spec.Node.Columns, fields[i])
 			}
 		}
 	}
 	if ps := _q.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	if limit := _q.ctx.Limit; limit != nil {
 		_spec.Limit = *limit
 	}
 	if offset := _q.ctx.Offset; offset != nil {
 		_spec.Offset = *offset
 	}
 	if ps := _q.order; len(ps) > 0 {
 		_spec.Order = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	return _spec
 }
 func (_q *SecuritySecretQuery) sqlQuery(ctx context.Context) *sql.Selector {
 	builder := sql.Dialect(_q.driver.Dialect())
 	t1 := builder.Table(securitysecret.Table)
 	columns := _q.ctx.Fields
 	if len(columns) == 0 {
 		columns = securitysecret.Columns
 	}
 	selector := builder.Select(t1.Columns(columns...)...).From(t1)
 	if _q.sql != nil {
 		selector = _q.sql
 		selector.Select(selector.Columns(columns...)...)
 	}
 	if _q.ctx.Unique != nil && *_q.ctx.Unique {
 		selector.Distinct()
 	}
 	for _, m := range _q.modifiers {
 		m(selector)
 	}
 	for _, p := range _q.predicates {
 		p(selector)
 	}
 	for _, p := range _q.order {
 		p(selector)
 	}
 	if offset := _q.ctx.Offset; offset != nil {
 		// limit is mandatory for offset clause. We start
 		// with default value, and override it below if needed.
 		selector.Offset(*offset).Limit(math.MaxInt32)
 	}
 	if limit := _q.ctx.Limit; limit != nil {
 		selector.Limit(*limit)
 	}
 	return selector
 }
 // ForUpdate locks the selected rows against concurrent updates, and prevent them from being
 // updated, deleted or "selected ... for update" by other sessions, until the transaction is
 // either committed or rolled-back.
 func (_q *SecuritySecretQuery) ForUpdate(opts ...sql.LockOption) *SecuritySecretQuery {
 	if _q.driver.Dialect() == dialect.Postgres {
 		_q.Unique(false)
 	}
 	_q.modifiers = append(_q.modifiers, func(s *sql.Selector) {
 		s.ForUpdate(opts...)
 	})
 	return _q
 }
 // ForShare behaves similarly to ForUpdate, except that it acquires a shared mode lock
 // on any rows that are read. Other sessions can read the rows, but cannot modify them
 // until your transaction commits.
 func (_q *SecuritySecretQuery) ForShare(opts ...sql.LockOption) *SecuritySecretQuery {
 	if _q.driver.Dialect() == dialect.Postgres {
 		_q.Unique(false)
 	}
 	_q.modifiers = append(_q.modifiers, func(s *sql.Selector) {
 		s.ForShare(opts...)
 	})
 	return _q
 }
 // SecuritySecretGroupBy is the group-by builder for SecuritySecret entities.
 type SecuritySecretGroupBy struct {
 	selector
 	build *SecuritySecretQuery
 }
 // Aggregate adds the given aggregation functions to the group-by query.
 func (_g *SecuritySecretGroupBy) Aggregate(fns ...AggregateFunc) *SecuritySecretGroupBy {
 	_g.fns = append(_g.fns, fns...)
 	return _g
 }
 // Scan applies the selector query and scans the result into the given value.
 func (_g *SecuritySecretGroupBy) Scan(ctx context.Context, v any) error {
 	ctx = setContextOp(ctx, _g.build.ctx, ent.OpQueryGroupBy)
 	if err := _g.build.prepareQuery(ctx); err != nil {
 		return err
 	}
 	return scanWithInterceptors[*SecuritySecretQuery, *SecuritySecretGroupBy](ctx, _g.build, _g, _g.build.inters, v)
 }
 func (_g *SecuritySecretGroupBy) sqlScan(ctx context.Context, root *SecuritySecretQuery, v any) error {
 	selector := root.sqlQuery(ctx).Select()
 	aggregation := make([]string, 0, len(_g.fns))
 	for _, fn := range _g.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
 	if len(selector.SelectedColumns()) == 0 {
 		columns := make([]string, 0, len(*_g.flds)+len(_g.fns))
 		for _, f := range *_g.flds {
 			columns = append(columns, selector.C(f))
 		}
 		columns = append(columns, aggregation...)
 		selector.Select(columns...)
 	}
 	selector.GroupBy(selector.Columns(*_g.flds...)...)
 	if err := selector.Err(); err != nil {
 		return err
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
 	if err := _g.build.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()
 	return sql.ScanSlice(rows, v)
 }
 // SecuritySecretSelect is the builder for selecting fields of SecuritySecret entities.
 type SecuritySecretSelect struct {
 	*SecuritySecretQuery
 	selector
 }
 // Aggregate adds the given aggregation functions to the selector query.
 func (_s *SecuritySecretSelect) Aggregate(fns ...AggregateFunc) *SecuritySecretSelect {
 	_s.fns = append(_s.fns, fns...)
 	return _s
 }
 // Scan applies the selector query and scans the result into the given value.
 func (_s *SecuritySecretSelect) Scan(ctx context.Context, v any) error {
 	ctx = setContextOp(ctx, _s.ctx, ent.OpQuerySelect)
 	if err := _s.prepareQuery(ctx); err != nil {
 		return err
 	}
 	return scanWithInterceptors[*SecuritySecretQuery, *SecuritySecretSelect](ctx, _s.SecuritySecretQuery, _s, _s.inters, v)
 }
 func (_s *SecuritySecretSelect) sqlScan(ctx context.Context, root *SecuritySecretQuery, v any) error {
 	selector := root.sqlQuery(ctx)
 	aggregation := make([]string, 0, len(_s.fns))
 	for _, fn := range _s.fns {
 		aggregation = append(aggregation, fn(selector))
 	}
 	switch n := len(*_s.selector.flds); {
 	case n == 0 && len(aggregation) > 0:
 		selector.Select(aggregation...)
 	case n != 0 && len(aggregation) > 0:
 		selector.AppendSelect(aggregation...)
 	}
 	rows := &sql.Rows{}
 	query, args := selector.Query()
 	if err := _s.driver.Query(ctx, query, args, rows); err != nil {
 		return err
 	}
 	defer rows.Close()
 	return sql.ScanSlice(rows, v)
 }
--- a/backend/ent/securitysecret_update.go
+++ b/backend/ent/securitysecret_update.go
@@ -0,0 +1,316 @@
 // Code generated by ent, DO NOT EDIT.
 package ent
 import (
 	"context"
 	"errors"
 	"fmt"
 	"time"
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
 	"github.com/Wei-Shaw/sub2api/ent/securitysecret"
 )
 // SecuritySecretUpdate is the builder for updating SecuritySecret entities.
 type SecuritySecretUpdate struct {
 	config
 	hooks    []Hook
 	mutation *SecuritySecretMutation
 }
 // Where appends a list predicates to the SecuritySecretUpdate builder.
 func (_u *SecuritySecretUpdate) Where(ps ...predicate.SecuritySecret) *SecuritySecretUpdate {
 	_u.mutation.Where(ps...)
 	return _u
 }
 // SetUpdatedAt sets the "updated_at" field.
 func (_u *SecuritySecretUpdate) SetUpdatedAt(v time.Time) *SecuritySecretUpdate {
 	_u.mutation.SetUpdatedAt(v)
 	return _u
 }
 // SetKey sets the "key" field.
 func (_u *SecuritySecretUpdate) SetKey(v string) *SecuritySecretUpdate {
 	_u.mutation.SetKey(v)
 	return _u
 }
 // SetNillableKey sets the "key" field if the given value is not nil.
 func (_u *SecuritySecretUpdate) SetNillableKey(v *string) *SecuritySecretUpdate {
 	if v != nil {
 		_u.SetKey(*v)
 	}
 	return _u
 }
 // SetValue sets the "value" field.
 func (_u *SecuritySecretUpdate) SetValue(v string) *SecuritySecretUpdate {
 	_u.mutation.SetValue(v)
 	return _u
 }
 // SetNillableValue sets the "value" field if the given value is not nil.
 func (_u *SecuritySecretUpdate) SetNillableValue(v *string) *SecuritySecretUpdate {
 	if v != nil {
 		_u.SetValue(*v)
 	}
 	return _u
 }
 // Mutation returns the SecuritySecretMutation object of the builder.
 func (_u *SecuritySecretUpdate) Mutation() *SecuritySecretMutation {
 	return _u.mutation
 }
 // Save executes the query and returns the number of nodes affected by the update operation.
 func (_u *SecuritySecretUpdate) Save(ctx context.Context) (int, error) {
 	_u.defaults()
 	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
 }
 // SaveX is like Save, but panics if an error occurs.
 func (_u *SecuritySecretUpdate) SaveX(ctx context.Context) int {
 	affected, err := _u.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return affected
 }
 // Exec executes the query.
 func (_u *SecuritySecretUpdate) Exec(ctx context.Context) error {
 	_, err := _u.Save(ctx)
 	return err
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_u *SecuritySecretUpdate) ExecX(ctx context.Context) {
 	if err := _u.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 // defaults sets the default values of the builder before save.
 func (_u *SecuritySecretUpdate) defaults() {
 	if _, ok := _u.mutation.UpdatedAt(); !ok {
 		v := securitysecret.UpdateDefaultUpdatedAt()
 		_u.mutation.SetUpdatedAt(v)
 	}
 }
 // check runs all checks and user-defined validators on the builder.
 func (_u *SecuritySecretUpdate) check() error {
 	if v, ok := _u.mutation.Key(); ok {
 		if err := securitysecret.KeyValidator(v); err != nil {
 			return &ValidationError{Name: "key", err: fmt.Errorf(`ent: validator failed for field "SecuritySecret.key": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.Value(); ok {
 		if err := securitysecret.ValueValidator(v); err != nil {
 			return &ValidationError{Name: "value", err: fmt.Errorf(`ent: validator failed for field "SecuritySecret.value": %w`, err)}
 		}
 	}
 	return nil
 }
 func (_u *SecuritySecretUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	if err := _u.check(); err != nil {
 		return _node, err
 	}
 	_spec := sqlgraph.NewUpdateSpec(securitysecret.Table, securitysecret.Columns, sqlgraph.NewFieldSpec(securitysecret.FieldID, field.TypeInt64))
 	if ps := _u.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	if value, ok := _u.mutation.UpdatedAt(); ok {
 		_spec.SetField(securitysecret.FieldUpdatedAt, field.TypeTime, value)
 	}
 	if value, ok := _u.mutation.Key(); ok {
 		_spec.SetField(securitysecret.FieldKey, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.Value(); ok {
 		_spec.SetField(securitysecret.FieldValue, field.TypeString, value)
 	}
 	if _node, err = sqlgraph.UpdateNodes(ctx, _u.driver, _spec); err != nil {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{securitysecret.Label}
 		} else if sqlgraph.IsConstraintError(err) {
 			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return 0, err
 	}
 	_u.mutation.done = true
 	return _node, nil
 }
 // SecuritySecretUpdateOne is the builder for updating a single SecuritySecret entity.
 type SecuritySecretUpdateOne struct {
 	config
 	fields   []string
 	hooks    []Hook
 	mutation *SecuritySecretMutation
 }
 // SetUpdatedAt sets the "updated_at" field.
 func (_u *SecuritySecretUpdateOne) SetUpdatedAt(v time.Time) *SecuritySecretUpdateOne {
 	_u.mutation.SetUpdatedAt(v)
 	return _u
 }
 // SetKey sets the "key" field.
 func (_u *SecuritySecretUpdateOne) SetKey(v string) *SecuritySecretUpdateOne {
 	_u.mutation.SetKey(v)
 	return _u
 }
 // SetNillableKey sets the "key" field if the given value is not nil.
 func (_u *SecuritySecretUpdateOne) SetNillableKey(v *string) *SecuritySecretUpdateOne {
 	if v != nil {
 		_u.SetKey(*v)
 	}
 	return _u
 }
 // SetValue sets the "value" field.
 func (_u *SecuritySecretUpdateOne) SetValue(v string) *SecuritySecretUpdateOne {
 	_u.mutation.SetValue(v)
 	return _u
 }
 // SetNillableValue sets the "value" field if the given value is not nil.
 func (_u *SecuritySecretUpdateOne) SetNillableValue(v *string) *SecuritySecretUpdateOne {
 	if v != nil {
 		_u.SetValue(*v)
 	}
 	return _u
 }
 // Mutation returns the SecuritySecretMutation object of the builder.
 func (_u *SecuritySecretUpdateOne) Mutation() *SecuritySecretMutation {
 	return _u.mutation
 }
 // Where appends a list predicates to the SecuritySecretUpdate builder.
 func (_u *SecuritySecretUpdateOne) Where(ps ...predicate.SecuritySecret) *SecuritySecretUpdateOne {
 	_u.mutation.Where(ps...)
 	return _u
 }
 // Select allows selecting one or more fields (columns) of the returned entity.
 // The default is selecting all fields defined in the entity schema.
 func (_u *SecuritySecretUpdateOne) Select(field string, fields ...string) *SecuritySecretUpdateOne {
 	_u.fields = append([]string{field}, fields...)
 	return _u
 }
 // Save executes the query and returns the updated SecuritySecret entity.
 func (_u *SecuritySecretUpdateOne) Save(ctx context.Context) (*SecuritySecret, error) {
 	_u.defaults()
 	return withHooks(ctx, _u.sqlSave, _u.mutation, _u.hooks)
 }
 // SaveX is like Save, but panics if an error occurs.
 func (_u *SecuritySecretUpdateOne) SaveX(ctx context.Context) *SecuritySecret {
 	node, err := _u.Save(ctx)
 	if err != nil {
 		panic(err)
 	}
 	return node
 }
 // Exec executes the query on the entity.
 func (_u *SecuritySecretUpdateOne) Exec(ctx context.Context) error {
 	_, err := _u.Save(ctx)
 	return err
 }
 // ExecX is like Exec, but panics if an error occurs.
 func (_u *SecuritySecretUpdateOne) ExecX(ctx context.Context) {
 	if err := _u.Exec(ctx); err != nil {
 		panic(err)
 	}
 }
 // defaults sets the default values of the builder before save.
 func (_u *SecuritySecretUpdateOne) defaults() {
 	if _, ok := _u.mutation.UpdatedAt(); !ok {
 		v := securitysecret.UpdateDefaultUpdatedAt()
 		_u.mutation.SetUpdatedAt(v)
 	}
 }
 // check runs all checks and user-defined validators on the builder.
 func (_u *SecuritySecretUpdateOne) check() error {
 	if v, ok := _u.mutation.Key(); ok {
 		if err := securitysecret.KeyValidator(v); err != nil {
 			return &ValidationError{Name: "key", err: fmt.Errorf(`ent: validator failed for field "SecuritySecret.key": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.Value(); ok {
 		if err := securitysecret.ValueValidator(v); err != nil {
 			return &ValidationError{Name: "value", err: fmt.Errorf(`ent: validator failed for field "SecuritySecret.value": %w`, err)}
 		}
 	}
 	return nil
 }
 func (_u *SecuritySecretUpdateOne) sqlSave(ctx context.Context) (_node *SecuritySecret, err error) {
 	if err := _u.check(); err != nil {
 		return _node, err
 	}
 	_spec := sqlgraph.NewUpdateSpec(securitysecret.Table, securitysecret.Columns, sqlgraph.NewFieldSpec(securitysecret.FieldID, field.TypeInt64))
 	id, ok := _u.mutation.ID()
 	if !ok {
 		return nil, &ValidationError{Name: "id", err: errors.New(`ent: missing "SecuritySecret.id" for update`)}
 	}
 	_spec.Node.ID.Value = id
 	if fields := _u.fields; len(fields) > 0 {
 		_spec.Node.Columns = make([]string, 0, len(fields))
 		_spec.Node.Columns = append(_spec.Node.Columns, securitysecret.FieldID)
 		for _, f := range fields {
 			if !securitysecret.ValidColumn(f) {
 				return nil, &ValidationError{Name: f, err: fmt.Errorf("ent: invalid field %q for query", f)}
 			}
 			if f != securitysecret.FieldID {
 				_spec.Node.Columns = append(_spec.Node.Columns, f)
 			}
 		}
 	}
 	if ps := _u.mutation.predicates; len(ps) > 0 {
 		_spec.Predicate = func(selector *sql.Selector) {
 			for i := range ps {
 				ps[i](selector)
 			}
 		}
 	}
 	if value, ok := _u.mutation.UpdatedAt(); ok {
 		_spec.SetField(securitysecret.FieldUpdatedAt, field.TypeTime, value)
 	}
 	if value, ok := _u.mutation.Key(); ok {
 		_spec.SetField(securitysecret.FieldKey, field.TypeString, value)
 	}
 	if value, ok := _u.mutation.Value(); ok {
 		_spec.SetField(securitysecret.FieldValue, field.TypeString, value)
 	}
 	_node = &SecuritySecret{config: _u.config}
 	_spec.Assign = _node.assignValues
 	_spec.ScanValues = _node.scanValues
 	if err = sqlgraph.UpdateNode(ctx, _u.driver, _spec); err != nil {
 		if _, ok := err.(*sqlgraph.NotFoundError); ok {
 			err = &NotFoundError{securitysecret.Label}
 		} else if sqlgraph.IsConstraintError(err) {
 			err = &ConstraintError{msg: err.Error(), wrap: err}
 		}
 		return nil, err
 	}
 	_u.mutation.done = true
 	return _node, nil
 }
--- a/backend/ent/tx.go
+++ b/backend/ent/tx.go
@@ -20,6 +20,12 @@ type Tx struct {
 	Account *AccountClient
 	// AccountGroup is the client for interacting with the AccountGroup builders.
 	AccountGroup *AccountGroupClient
 	// Announcement is the client for interacting with the Announcement builders.
 	Announcement *AnnouncementClient
 	// AnnouncementRead is the client for interacting with the AnnouncementRead builders.
 	AnnouncementRead *AnnouncementReadClient
 	// ErrorPassthroughRule is the client for interacting with the ErrorPassthroughRule builders.
 	ErrorPassthroughRule *ErrorPassthroughRuleClient
 	// Group is the client for interacting with the Group builders.
 	Group *GroupClient
 	// PromoCode is the client for interacting with the PromoCode builders.
@@ -30,6 +36,8 @@ type Tx struct {
 	Proxy *ProxyClient
 	// RedeemCode is the client for interacting with the RedeemCode builders.
 	RedeemCode *RedeemCodeClient
 	// SecuritySecret is the client for interacting with the SecuritySecret builders.
 	SecuritySecret *SecuritySecretClient
 	// Setting is the client for interacting with the Setting builders.
 	Setting *SettingClient
 	// UsageCleanupTask is the client for interacting with the UsageCleanupTask builders.
@@ -180,11 +188,15 @@ func (tx *Tx) init() {
 	tx.APIKey = NewAPIKeyClient(tx.config)
 	tx.Account = NewAccountClient(tx.config)
 	tx.AccountGroup = NewAccountGroupClient(tx.config)
 	tx.Announcement = NewAnnouncementClient(tx.config)
 	tx.AnnouncementRead = NewAnnouncementReadClient(tx.config)
 	tx.ErrorPassthroughRule = NewErrorPassthroughRuleClient(tx.config)
 	tx.Group = NewGroupClient(tx.config)
 	tx.PromoCode = NewPromoCodeClient(tx.config)
 	tx.PromoCodeUsage = NewPromoCodeUsageClient(tx.config)
 	tx.Proxy = NewProxyClient(tx.config)
 	tx.RedeemCode = NewRedeemCodeClient(tx.config)
 	tx.SecuritySecret = NewSecuritySecretClient(tx.config)
 	tx.Setting = NewSettingClient(tx.config)
 	tx.UsageCleanupTask = NewUsageCleanupTaskClient(tx.config)
 	tx.UsageLog = NewUsageLogClient(tx.config)
--- a/backend/ent/usagelog.go
+++ b/backend/ent/usagelog.go
@@ -80,6 +80,10 @@ type UsageLog struct {
 	ImageCount int `json:"image_count,omitempty"`
 	// ImageSize holds the value of the "image_size" field.
 	ImageSize *string `json:"image_size,omitempty"`
 	// MediaType holds the value of the "media_type" field.
 	MediaType *string `json:"media_type,omitempty"`
 	// CacheTTLOverridden holds the value of the "cache_ttl_overridden" field.
 	CacheTTLOverridden bool `json:"cache_ttl_overridden,omitempty"`
 	// CreatedAt holds the value of the "created_at" field.
 	CreatedAt time.Time `json:"created_at,omitempty"`
 	// Edges holds the relations/edges for other nodes in the graph.
@@ -165,13 +169,13 @@ func (*UsageLog) scanValues(columns []string) ([]any, error) {
 	values := make([]any, len(columns))
 	for i := range columns {
 		switch columns[i] {
-		case usagelog.FieldStream:
+		case usagelog.FieldStream, usagelog.FieldCacheTTLOverridden:
 			values[i] = new(sql.NullBool)
 		case usagelog.FieldInputCost, usagelog.FieldOutputCost, usagelog.FieldCacheCreationCost, usagelog.FieldCacheReadCost, usagelog.FieldTotalCost, usagelog.FieldActualCost, usagelog.FieldRateMultiplier, usagelog.FieldAccountRateMultiplier:
 			values[i] = new(sql.NullFloat64)
 		case usagelog.FieldID, usagelog.FieldUserID, usagelog.FieldAPIKeyID, usagelog.FieldAccountID, usagelog.FieldGroupID, usagelog.FieldSubscriptionID, usagelog.FieldInputTokens, usagelog.FieldOutputTokens, usagelog.FieldCacheCreationTokens, usagelog.FieldCacheReadTokens, usagelog.FieldCacheCreation5mTokens, usagelog.FieldCacheCreation1hTokens, usagelog.FieldBillingType, usagelog.FieldDurationMs, usagelog.FieldFirstTokenMs, usagelog.FieldImageCount:
 			values[i] = new(sql.NullInt64)
-		case usagelog.FieldRequestID, usagelog.FieldModel, usagelog.FieldUserAgent, usagelog.FieldIPAddress, usagelog.FieldImageSize:
+		case usagelog.FieldRequestID, usagelog.FieldModel, usagelog.FieldUserAgent, usagelog.FieldIPAddress, usagelog.FieldImageSize, usagelog.FieldMediaType:
 			values[i] = new(sql.NullString)
 		case usagelog.FieldCreatedAt:
 			values[i] = new(sql.NullTime)
@@ -378,6 +382,19 @@ func (_m *UsageLog) assignValues(columns []string, values []any) error {
 				_m.ImageSize = new(string)
 				*_m.ImageSize = value.String
 			}
 		case usagelog.FieldMediaType:
 			if value, ok := values[i].(*sql.NullString); !ok {
 				return fmt.Errorf("unexpected type %T for field media_type", values[i])
 			} else if value.Valid {
 				_m.MediaType = new(string)
 				*_m.MediaType = value.String
 			}
 		case usagelog.FieldCacheTTLOverridden:
 			if value, ok := values[i].(*sql.NullBool); !ok {
 				return fmt.Errorf("unexpected type %T for field cache_ttl_overridden", values[i])
 			} else if value.Valid {
 				_m.CacheTTLOverridden = value.Bool
 			}
 		case usagelog.FieldCreatedAt:
 			if value, ok := values[i].(*sql.NullTime); !ok {
 				return fmt.Errorf("unexpected type %T for field created_at", values[i])
@@ -548,6 +565,14 @@ func (_m *UsageLog) String() string {
 		builder.WriteString(*v)
 	}
 	builder.WriteString(", ")
 	if v := _m.MediaType; v != nil {
 		builder.WriteString("media_type=")
 		builder.WriteString(*v)
 	}
 	builder.WriteString(", ")
 	builder.WriteString("cache_ttl_overridden=")
 	builder.WriteString(fmt.Sprintf("%v", _m.CacheTTLOverridden))
 	builder.WriteString(", ")
 	builder.WriteString("created_at=")
 	builder.WriteString(_m.CreatedAt.Format(time.ANSIC))
 	builder.WriteByte(')')
--- a/backend/ent/usagelog/usagelog.go
+++ b/backend/ent/usagelog/usagelog.go
@@ -72,6 +72,10 @@ const (
 	FieldImageCount = "image_count"
 	// FieldImageSize holds the string denoting the image_size field in the database.
 	FieldImageSize = "image_size"
 	// FieldMediaType holds the string denoting the media_type field in the database.
 	FieldMediaType = "media_type"
 	// FieldCacheTTLOverridden holds the string denoting the cache_ttl_overridden field in the database.
 	FieldCacheTTLOverridden = "cache_ttl_overridden"
 	// FieldCreatedAt holds the string denoting the created_at field in the database.
 	FieldCreatedAt = "created_at"
 	// EdgeUser holds the string denoting the user edge name in mutations.
@@ -155,6 +159,8 @@ var Columns = []string{
 	FieldIPAddress,
 	FieldImageCount,
 	FieldImageSize,
 	FieldMediaType,
 	FieldCacheTTLOverridden,
 	FieldCreatedAt,
 }
@@ -211,6 +217,10 @@ var (
 	DefaultImageCount int
 	// ImageSizeValidator is a validator for the "image_size" field. It is called by the builders before save.
 	ImageSizeValidator func(string) error
 	// MediaTypeValidator is a validator for the "media_type" field. It is called by the builders before save.
 	MediaTypeValidator func(string) error
 	// DefaultCacheTTLOverridden holds the default value on creation for the "cache_ttl_overridden" field.
 	DefaultCacheTTLOverridden bool
 	// DefaultCreatedAt holds the default value on creation for the "created_at" field.
 	DefaultCreatedAt func() time.Time
 )
@@ -368,6 +378,16 @@ func ByImageSize(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldImageSize, opts...).ToFunc()
 }
 // ByMediaType orders the results by the media_type field.
 func ByMediaType(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldMediaType, opts...).ToFunc()
 }
 // ByCacheTTLOverridden orders the results by the cache_ttl_overridden field.
 func ByCacheTTLOverridden(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldCacheTTLOverridden, opts...).ToFunc()
 }
 // ByCreatedAt orders the results by the created_at field.
 func ByCreatedAt(opts ...sql.OrderTermOption) OrderOption {
 	return sql.OrderByField(FieldCreatedAt, opts...).ToFunc()
--- a/backend/ent/usagelog/where.go
+++ b/backend/ent/usagelog/where.go
@@ -200,6 +200,16 @@ func ImageSize(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldImageSize, v))
 }
 // MediaType applies equality check predicate on the "media_type" field. It's identical to MediaTypeEQ.
 func MediaType(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldMediaType, v))
 }
 // CacheTTLOverridden applies equality check predicate on the "cache_ttl_overridden" field. It's identical to CacheTTLOverriddenEQ.
 func CacheTTLOverridden(v bool) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldCacheTTLOverridden, v))
 }
 // CreatedAt applies equality check predicate on the "created_at" field. It's identical to CreatedAtEQ.
 func CreatedAt(v time.Time) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldCreatedAt, v))
@@ -1440,6 +1450,91 @@ func ImageSizeContainsFold(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldContainsFold(FieldImageSize, v))
 }
 // MediaTypeEQ applies the EQ predicate on the "media_type" field.
 func MediaTypeEQ(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldMediaType, v))
 }
 // MediaTypeNEQ applies the NEQ predicate on the "media_type" field.
 func MediaTypeNEQ(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNEQ(FieldMediaType, v))
 }
 // MediaTypeIn applies the In predicate on the "media_type" field.
 func MediaTypeIn(vs ...string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldIn(FieldMediaType, vs...))
 }
 // MediaTypeNotIn applies the NotIn predicate on the "media_type" field.
 func MediaTypeNotIn(vs ...string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNotIn(FieldMediaType, vs...))
 }
 // MediaTypeGT applies the GT predicate on the "media_type" field.
 func MediaTypeGT(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldGT(FieldMediaType, v))
 }
 // MediaTypeGTE applies the GTE predicate on the "media_type" field.
 func MediaTypeGTE(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldGTE(FieldMediaType, v))
 }
 // MediaTypeLT applies the LT predicate on the "media_type" field.
 func MediaTypeLT(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldLT(FieldMediaType, v))
 }
 // MediaTypeLTE applies the LTE predicate on the "media_type" field.
 func MediaTypeLTE(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldLTE(FieldMediaType, v))
 }
 // MediaTypeContains applies the Contains predicate on the "media_type" field.
 func MediaTypeContains(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldContains(FieldMediaType, v))
 }
 // MediaTypeHasPrefix applies the HasPrefix predicate on the "media_type" field.
 func MediaTypeHasPrefix(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldHasPrefix(FieldMediaType, v))
 }
 // MediaTypeHasSuffix applies the HasSuffix predicate on the "media_type" field.
 func MediaTypeHasSuffix(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldHasSuffix(FieldMediaType, v))
 }
 // MediaTypeIsNil applies the IsNil predicate on the "media_type" field.
 func MediaTypeIsNil() predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldIsNull(FieldMediaType))
 }
 // MediaTypeNotNil applies the NotNil predicate on the "media_type" field.
 func MediaTypeNotNil() predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNotNull(FieldMediaType))
 }
 // MediaTypeEqualFold applies the EqualFold predicate on the "media_type" field.
 func MediaTypeEqualFold(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEqualFold(FieldMediaType, v))
 }
 // MediaTypeContainsFold applies the ContainsFold predicate on the "media_type" field.
 func MediaTypeContainsFold(v string) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldContainsFold(FieldMediaType, v))
 }
 // CacheTTLOverriddenEQ applies the EQ predicate on the "cache_ttl_overridden" field.
 func CacheTTLOverriddenEQ(v bool) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldCacheTTLOverridden, v))
 }
 // CacheTTLOverriddenNEQ applies the NEQ predicate on the "cache_ttl_overridden" field.
 func CacheTTLOverriddenNEQ(v bool) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldNEQ(FieldCacheTTLOverridden, v))
 }
 // CreatedAtEQ applies the EQ predicate on the "created_at" field.
 func CreatedAtEQ(v time.Time) predicate.UsageLog {
 	return predicate.UsageLog(sql.FieldEQ(FieldCreatedAt, v))
--- a/backend/ent/usagelog_create.go
+++ b/backend/ent/usagelog_create.go
@@ -393,6 +393,34 @@ func (_c *UsageLogCreate) SetNillableImageSize(v *string) *UsageLogCreate {
 	return _c
 }
 // SetMediaType sets the "media_type" field.
 func (_c *UsageLogCreate) SetMediaType(v string) *UsageLogCreate {
 	_c.mutation.SetMediaType(v)
 	return _c
 }
 // SetNillableMediaType sets the "media_type" field if the given value is not nil.
 func (_c *UsageLogCreate) SetNillableMediaType(v *string) *UsageLogCreate {
 	if v != nil {
 		_c.SetMediaType(*v)
 	}
 	return _c
 }
 // SetCacheTTLOverridden sets the "cache_ttl_overridden" field.
 func (_c *UsageLogCreate) SetCacheTTLOverridden(v bool) *UsageLogCreate {
 	_c.mutation.SetCacheTTLOverridden(v)
 	return _c
 }
 // SetNillableCacheTTLOverridden sets the "cache_ttl_overridden" field if the given value is not nil.
 func (_c *UsageLogCreate) SetNillableCacheTTLOverridden(v *bool) *UsageLogCreate {
 	if v != nil {
 		_c.SetCacheTTLOverridden(*v)
 	}
 	return _c
 }
 // SetCreatedAt sets the "created_at" field.
 func (_c *UsageLogCreate) SetCreatedAt(v time.Time) *UsageLogCreate {
 	_c.mutation.SetCreatedAt(v)
@@ -531,6 +559,10 @@ func (_c *UsageLogCreate) defaults() {
 		v := usagelog.DefaultImageCount
 		_c.mutation.SetImageCount(v)
 	}
 	if _, ok := _c.mutation.CacheTTLOverridden(); !ok {
 		v := usagelog.DefaultCacheTTLOverridden
 		_c.mutation.SetCacheTTLOverridden(v)
 	}
 	if _, ok := _c.mutation.CreatedAt(); !ok {
 		v := usagelog.DefaultCreatedAt()
 		_c.mutation.SetCreatedAt(v)
@@ -627,6 +659,14 @@ func (_c *UsageLogCreate) check() error {
 			return &ValidationError{Name: "image_size", err: fmt.Errorf(`ent: validator failed for field "UsageLog.image_size": %w`, err)}
 		}
 	}
 	if v, ok := _c.mutation.MediaType(); ok {
 		if err := usagelog.MediaTypeValidator(v); err != nil {
 			return &ValidationError{Name: "media_type", err: fmt.Errorf(`ent: validator failed for field "UsageLog.media_type": %w`, err)}
 		}
 	}
 	if _, ok := _c.mutation.CacheTTLOverridden(); !ok {
 		return &ValidationError{Name: "cache_ttl_overridden", err: errors.New(`ent: missing required field "UsageLog.cache_ttl_overridden"`)}
 	}
 	if _, ok := _c.mutation.CreatedAt(); !ok {
 		return &ValidationError{Name: "created_at", err: errors.New(`ent: missing required field "UsageLog.created_at"`)}
 	}
@@ -762,6 +802,14 @@ func (_c *UsageLogCreate) createSpec() (*UsageLog, *sqlgraph.CreateSpec) {
 		_spec.SetField(usagelog.FieldImageSize, field.TypeString, value)
 		_node.ImageSize = &value
 	}
 	if value, ok := _c.mutation.MediaType(); ok {
 		_spec.SetField(usagelog.FieldMediaType, field.TypeString, value)
 		_node.MediaType = &value
 	}
 	if value, ok := _c.mutation.CacheTTLOverridden(); ok {
 		_spec.SetField(usagelog.FieldCacheTTLOverridden, field.TypeBool, value)
 		_node.CacheTTLOverridden = value
 	}
 	if value, ok := _c.mutation.CreatedAt(); ok {
 		_spec.SetField(usagelog.FieldCreatedAt, field.TypeTime, value)
 		_node.CreatedAt = value
@@ -1407,6 +1455,36 @@ func (u *UsageLogUpsert) ClearImageSize() *UsageLogUpsert {
 	return u
 }
 // SetMediaType sets the "media_type" field.
 func (u *UsageLogUpsert) SetMediaType(v string) *UsageLogUpsert {
 	u.Set(usagelog.FieldMediaType, v)
 	return u
 }
 // UpdateMediaType sets the "media_type" field to the value that was provided on create.
 func (u *UsageLogUpsert) UpdateMediaType() *UsageLogUpsert {
 	u.SetExcluded(usagelog.FieldMediaType)
 	return u
 }
 // ClearMediaType clears the value of the "media_type" field.
 func (u *UsageLogUpsert) ClearMediaType() *UsageLogUpsert {
 	u.SetNull(usagelog.FieldMediaType)
 	return u
 }
 // SetCacheTTLOverridden sets the "cache_ttl_overridden" field.
 func (u *UsageLogUpsert) SetCacheTTLOverridden(v bool) *UsageLogUpsert {
 	u.Set(usagelog.FieldCacheTTLOverridden, v)
 	return u
 }
 // UpdateCacheTTLOverridden sets the "cache_ttl_overridden" field to the value that was provided on create.
 func (u *UsageLogUpsert) UpdateCacheTTLOverridden() *UsageLogUpsert {
 	u.SetExcluded(usagelog.FieldCacheTTLOverridden)
 	return u
 }
 // UpdateNewValues updates the mutable fields using the new values that were set on create.
 // Using this option is equivalent to using:
 //
@@ -2040,6 +2118,41 @@ func (u *UsageLogUpsertOne) ClearImageSize() *UsageLogUpsertOne {
 	})
 }
 // SetMediaType sets the "media_type" field.
 func (u *UsageLogUpsertOne) SetMediaType(v string) *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.SetMediaType(v)
 	})
 }
 // UpdateMediaType sets the "media_type" field to the value that was provided on create.
 func (u *UsageLogUpsertOne) UpdateMediaType() *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.UpdateMediaType()
 	})
 }
 // ClearMediaType clears the value of the "media_type" field.
 func (u *UsageLogUpsertOne) ClearMediaType() *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.ClearMediaType()
 	})
 }
 // SetCacheTTLOverridden sets the "cache_ttl_overridden" field.
 func (u *UsageLogUpsertOne) SetCacheTTLOverridden(v bool) *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.SetCacheTTLOverridden(v)
 	})
 }
 // UpdateCacheTTLOverridden sets the "cache_ttl_overridden" field to the value that was provided on create.
 func (u *UsageLogUpsertOne) UpdateCacheTTLOverridden() *UsageLogUpsertOne {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.UpdateCacheTTLOverridden()
 	})
 }
 // Exec executes the query.
 func (u *UsageLogUpsertOne) Exec(ctx context.Context) error {
 	if len(u.create.conflict) == 0 {
@@ -2839,6 +2952,41 @@ func (u *UsageLogUpsertBulk) ClearImageSize() *UsageLogUpsertBulk {
 	})
 }
 // SetMediaType sets the "media_type" field.
 func (u *UsageLogUpsertBulk) SetMediaType(v string) *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.SetMediaType(v)
 	})
 }
 // UpdateMediaType sets the "media_type" field to the value that was provided on create.
 func (u *UsageLogUpsertBulk) UpdateMediaType() *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.UpdateMediaType()
 	})
 }
 // ClearMediaType clears the value of the "media_type" field.
 func (u *UsageLogUpsertBulk) ClearMediaType() *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.ClearMediaType()
 	})
 }
 // SetCacheTTLOverridden sets the "cache_ttl_overridden" field.
 func (u *UsageLogUpsertBulk) SetCacheTTLOverridden(v bool) *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.SetCacheTTLOverridden(v)
 	})
 }
 // UpdateCacheTTLOverridden sets the "cache_ttl_overridden" field to the value that was provided on create.
 func (u *UsageLogUpsertBulk) UpdateCacheTTLOverridden() *UsageLogUpsertBulk {
 	return u.Update(func(s *UsageLogUpsert) {
 		s.UpdateCacheTTLOverridden()
 	})
 }
 // Exec executes the query.
 func (u *UsageLogUpsertBulk) Exec(ctx context.Context) error {
 	if u.create.err != nil {
--- a/backend/ent/usagelog_update.go
+++ b/backend/ent/usagelog_update.go
@@ -612,6 +612,40 @@ func (_u *UsageLogUpdate) ClearImageSize() *UsageLogUpdate {
 	return _u
 }
 // SetMediaType sets the "media_type" field.
 func (_u *UsageLogUpdate) SetMediaType(v string) *UsageLogUpdate {
 	_u.mutation.SetMediaType(v)
 	return _u
 }
 // SetNillableMediaType sets the "media_type" field if the given value is not nil.
 func (_u *UsageLogUpdate) SetNillableMediaType(v *string) *UsageLogUpdate {
 	if v != nil {
 		_u.SetMediaType(*v)
 	}
 	return _u
 }
 // ClearMediaType clears the value of the "media_type" field.
 func (_u *UsageLogUpdate) ClearMediaType() *UsageLogUpdate {
 	_u.mutation.ClearMediaType()
 	return _u
 }
 // SetCacheTTLOverridden sets the "cache_ttl_overridden" field.
 func (_u *UsageLogUpdate) SetCacheTTLOverridden(v bool) *UsageLogUpdate {
 	_u.mutation.SetCacheTTLOverridden(v)
 	return _u
 }
 // SetNillableCacheTTLOverridden sets the "cache_ttl_overridden" field if the given value is not nil.
 func (_u *UsageLogUpdate) SetNillableCacheTTLOverridden(v *bool) *UsageLogUpdate {
 	if v != nil {
 		_u.SetCacheTTLOverridden(*v)
 	}
 	return _u
 }
 // SetUser sets the "user" edge to the User entity.
 func (_u *UsageLogUpdate) SetUser(v *User) *UsageLogUpdate {
 	return _u.SetUserID(v.ID)
@@ -726,6 +760,11 @@ func (_u *UsageLogUpdate) check() error {
 			return &ValidationError{Name: "image_size", err: fmt.Errorf(`ent: validator failed for field "UsageLog.image_size": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.MediaType(); ok {
 		if err := usagelog.MediaTypeValidator(v); err != nil {
 			return &ValidationError{Name: "media_type", err: fmt.Errorf(`ent: validator failed for field "UsageLog.media_type": %w`, err)}
 		}
 	}
 	if _u.mutation.UserCleared() && len(_u.mutation.UserIDs()) > 0 {
 		return errors.New(`ent: clearing a required unique edge "UsageLog.user"`)
 	}
@@ -894,6 +933,15 @@ func (_u *UsageLogUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 	if _u.mutation.ImageSizeCleared() {
 		_spec.ClearField(usagelog.FieldImageSize, field.TypeString)
 	}
 	if value, ok := _u.mutation.MediaType(); ok {
 		_spec.SetField(usagelog.FieldMediaType, field.TypeString, value)
 	}
 	if _u.mutation.MediaTypeCleared() {
 		_spec.ClearField(usagelog.FieldMediaType, field.TypeString)
 	}
 	if value, ok := _u.mutation.CacheTTLOverridden(); ok {
 		_spec.SetField(usagelog.FieldCacheTTLOverridden, field.TypeBool, value)
 	}
 	if _u.mutation.UserCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
@@ -1639,6 +1687,40 @@ func (_u *UsageLogUpdateOne) ClearImageSize() *UsageLogUpdateOne {
 	return _u
 }
 // SetMediaType sets the "media_type" field.
 func (_u *UsageLogUpdateOne) SetMediaType(v string) *UsageLogUpdateOne {
 	_u.mutation.SetMediaType(v)
 	return _u
 }
 // SetNillableMediaType sets the "media_type" field if the given value is not nil.
 func (_u *UsageLogUpdateOne) SetNillableMediaType(v *string) *UsageLogUpdateOne {
 	if v != nil {
 		_u.SetMediaType(*v)
 	}
 	return _u
 }
 // ClearMediaType clears the value of the "media_type" field.
 func (_u *UsageLogUpdateOne) ClearMediaType() *UsageLogUpdateOne {
 	_u.mutation.ClearMediaType()
 	return _u
 }
 // SetCacheTTLOverridden sets the "cache_ttl_overridden" field.
 func (_u *UsageLogUpdateOne) SetCacheTTLOverridden(v bool) *UsageLogUpdateOne {
 	_u.mutation.SetCacheTTLOverridden(v)
 	return _u
 }
 // SetNillableCacheTTLOverridden sets the "cache_ttl_overridden" field if the given value is not nil.
 func (_u *UsageLogUpdateOne) SetNillableCacheTTLOverridden(v *bool) *UsageLogUpdateOne {
 	if v != nil {
 		_u.SetCacheTTLOverridden(*v)
 	}
 	return _u
 }
 // SetUser sets the "user" edge to the User entity.
 func (_u *UsageLogUpdateOne) SetUser(v *User) *UsageLogUpdateOne {
 	return _u.SetUserID(v.ID)
@@ -1766,6 +1848,11 @@ func (_u *UsageLogUpdateOne) check() error {
 			return &ValidationError{Name: "image_size", err: fmt.Errorf(`ent: validator failed for field "UsageLog.image_size": %w`, err)}
 		}
 	}
 	if v, ok := _u.mutation.MediaType(); ok {
 		if err := usagelog.MediaTypeValidator(v); err != nil {
 			return &ValidationError{Name: "media_type", err: fmt.Errorf(`ent: validator failed for field "UsageLog.media_type": %w`, err)}
 		}
 	}
 	if _u.mutation.UserCleared() && len(_u.mutation.UserIDs()) > 0 {
 		return errors.New(`ent: clearing a required unique edge "UsageLog.user"`)
 	}
@@ -1951,6 +2038,15 @@ func (_u *UsageLogUpdateOne) sqlSave(ctx context.Context) (_node *UsageLog, err
 	if _u.mutation.ImageSizeCleared() {
 		_spec.ClearField(usagelog.FieldImageSize, field.TypeString)
 	}
 	if value, ok := _u.mutation.MediaType(); ok {
 		_spec.SetField(usagelog.FieldMediaType, field.TypeString, value)
 	}
 	if _u.mutation.MediaTypeCleared() {
 		_spec.ClearField(usagelog.FieldMediaType, field.TypeString)
 	}
 	if value, ok := _u.mutation.CacheTTLOverridden(); ok {
 		_spec.SetField(usagelog.FieldCacheTTLOverridden, field.TypeBool, value)
 	}
 	if _u.mutation.UserCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2O,
--- a/backend/ent/user.go
+++ b/backend/ent/user.go
@@ -61,6 +61,8 @@ type UserEdges struct {
 	Subscriptions []*UserSubscription `json:"subscriptions,omitempty"`
 	// AssignedSubscriptions holds the value of the assigned_subscriptions edge.
 	AssignedSubscriptions []*UserSubscription `json:"assigned_subscriptions,omitempty"`
 	// AnnouncementReads holds the value of the announcement_reads edge.
 	AnnouncementReads []*AnnouncementRead `json:"announcement_reads,omitempty"`
 	// AllowedGroups holds the value of the allowed_groups edge.
 	AllowedGroups []*Group `json:"allowed_groups,omitempty"`
 	// UsageLogs holds the value of the usage_logs edge.
@@ -73,7 +75,7 @@ type UserEdges struct {
 	UserAllowedGroups []*UserAllowedGroup `json:"user_allowed_groups,omitempty"`
 	// loadedTypes holds the information for reporting if a
 	// type was loaded (or requested) in eager-loading or not.
-	loadedTypes [9]bool
+	loadedTypes [10]bool
 }
 // APIKeysOrErr returns the APIKeys value or an error if the edge
@@ -112,10 +114,19 @@ func (e UserEdges) AssignedSubscriptionsOrErr() ([]*UserSubscription, error) {
 	return nil, &NotLoadedError{edge: "assigned_subscriptions"}
 }
 // AnnouncementReadsOrErr returns the AnnouncementReads value or an error if the edge
 // was not loaded in eager-loading.
 func (e UserEdges) AnnouncementReadsOrErr() ([]*AnnouncementRead, error) {
 	if e.loadedTypes[4] {
 		return e.AnnouncementReads, nil
 	}
 	return nil, &NotLoadedError{edge: "announcement_reads"}
 }
 // AllowedGroupsOrErr returns the AllowedGroups value or an error if the edge
 // was not loaded in eager-loading.
 func (e UserEdges) AllowedGroupsOrErr() ([]*Group, error) {
-	if e.loadedTypes[4] {
+	if e.loadedTypes[5] {
 		return e.AllowedGroups, nil
 	}
 	return nil, &NotLoadedError{edge: "allowed_groups"}
@@ -124,7 +135,7 @@ func (e UserEdges) AllowedGroupsOrErr() ([]*Group, error) {
 // UsageLogsOrErr returns the UsageLogs value or an error if the edge
 // was not loaded in eager-loading.
 func (e UserEdges) UsageLogsOrErr() ([]*UsageLog, error) {
-	if e.loadedTypes[5] {
+	if e.loadedTypes[6] {
 		return e.UsageLogs, nil
 	}
 	return nil, &NotLoadedError{edge: "usage_logs"}
@@ -133,7 +144,7 @@ func (e UserEdges) UsageLogsOrErr() ([]*UsageLog, error) {
 // AttributeValuesOrErr returns the AttributeValues value or an error if the edge
 // was not loaded in eager-loading.
 func (e UserEdges) AttributeValuesOrErr() ([]*UserAttributeValue, error) {
-	if e.loadedTypes[6] {
+	if e.loadedTypes[7] {
 		return e.AttributeValues, nil
 	}
 	return nil, &NotLoadedError{edge: "attribute_values"}
@@ -142,7 +153,7 @@ func (e UserEdges) AttributeValuesOrErr() ([]*UserAttributeValue, error) {
 // PromoCodeUsagesOrErr returns the PromoCodeUsages value or an error if the edge
 // was not loaded in eager-loading.
 func (e UserEdges) PromoCodeUsagesOrErr() ([]*PromoCodeUsage, error) {
-	if e.loadedTypes[7] {
+	if e.loadedTypes[8] {
 		return e.PromoCodeUsages, nil
 	}
 	return nil, &NotLoadedError{edge: "promo_code_usages"}
@@ -151,7 +162,7 @@ func (e UserEdges) PromoCodeUsagesOrErr() ([]*PromoCodeUsage, error) {
 // UserAllowedGroupsOrErr returns the UserAllowedGroups value or an error if the edge
 // was not loaded in eager-loading.
 func (e UserEdges) UserAllowedGroupsOrErr() ([]*UserAllowedGroup, error) {
-	if e.loadedTypes[8] {
+	if e.loadedTypes[9] {
 		return e.UserAllowedGroups, nil
 	}
 	return nil, &NotLoadedError{edge: "user_allowed_groups"}
@@ -313,6 +324,11 @@ func (_m *User) QueryAssignedSubscriptions() *UserSubscriptionQuery {
 	return NewUserClient(_m.config).QueryAssignedSubscriptions(_m)
 }
 // QueryAnnouncementReads queries the "announcement_reads" edge of the User entity.
 func (_m *User) QueryAnnouncementReads() *AnnouncementReadQuery {
 	return NewUserClient(_m.config).QueryAnnouncementReads(_m)
 }
 // QueryAllowedGroups queries the "allowed_groups" edge of the User entity.
 func (_m *User) QueryAllowedGroups() *GroupQuery {
 	return NewUserClient(_m.config).QueryAllowedGroups(_m)
--- a/backend/ent/user/user.go
+++ b/backend/ent/user/user.go
@@ -51,6 +51,8 @@ const (
 	EdgeSubscriptions = "subscriptions"
 	// EdgeAssignedSubscriptions holds the string denoting the assigned_subscriptions edge name in mutations.
 	EdgeAssignedSubscriptions = "assigned_subscriptions"
 	// EdgeAnnouncementReads holds the string denoting the announcement_reads edge name in mutations.
 	EdgeAnnouncementReads = "announcement_reads"
 	// EdgeAllowedGroups holds the string denoting the allowed_groups edge name in mutations.
 	EdgeAllowedGroups = "allowed_groups"
 	// EdgeUsageLogs holds the string denoting the usage_logs edge name in mutations.
@@ -91,6 +93,13 @@ const (
 	AssignedSubscriptionsInverseTable = "user_subscriptions"
 	// AssignedSubscriptionsColumn is the table column denoting the assigned_subscriptions relation/edge.
 	AssignedSubscriptionsColumn = "assigned_by"
 	// AnnouncementReadsTable is the table that holds the announcement_reads relation/edge.
 	AnnouncementReadsTable = "announcement_reads"
 	// AnnouncementReadsInverseTable is the table name for the AnnouncementRead entity.
 	// It exists in this package in order to avoid circular dependency with the "announcementread" package.
 	AnnouncementReadsInverseTable = "announcement_reads"
 	// AnnouncementReadsColumn is the table column denoting the announcement_reads relation/edge.
 	AnnouncementReadsColumn = "user_id"
 	// AllowedGroupsTable is the table that holds the allowed_groups relation/edge. The primary key declared below.
 	AllowedGroupsTable = "user_allowed_groups"
 	// AllowedGroupsInverseTable is the table name for the Group entity.
@@ -335,6 +344,20 @@ func ByAssignedSubscriptions(term sql.OrderTerm, terms ...sql.OrderTerm) OrderOp
 	}
 }
 // ByAnnouncementReadsCount orders the results by announcement_reads count.
 func ByAnnouncementReadsCount(opts ...sql.OrderTermOption) OrderOption {
 	return func(s *sql.Selector) {
 		sqlgraph.OrderByNeighborsCount(s, newAnnouncementReadsStep(), opts...)
 	}
 }
 // ByAnnouncementReads orders the results by announcement_reads terms.
 func ByAnnouncementReads(term sql.OrderTerm, terms ...sql.OrderTerm) OrderOption {
 	return func(s *sql.Selector) {
 		sqlgraph.OrderByNeighborTerms(s, newAnnouncementReadsStep(), append([]sql.OrderTerm{term}, terms...)...)
 	}
 }
 // ByAllowedGroupsCount orders the results by allowed_groups count.
 func ByAllowedGroupsCount(opts ...sql.OrderTermOption) OrderOption {
 	return func(s *sql.Selector) {
@@ -432,6 +455,13 @@ func newAssignedSubscriptionsStep() *sqlgraph.Step {
 		sqlgraph.Edge(sqlgraph.O2M, false, AssignedSubscriptionsTable, AssignedSubscriptionsColumn),
 	)
 }
 func newAnnouncementReadsStep() *sqlgraph.Step {
 	return sqlgraph.NewStep(
 		sqlgraph.From(Table, FieldID),
 		sqlgraph.To(AnnouncementReadsInverseTable, FieldID),
 		sqlgraph.Edge(sqlgraph.O2M, false, AnnouncementReadsTable, AnnouncementReadsColumn),
 	)
 }
 func newAllowedGroupsStep() *sqlgraph.Step {
 	return sqlgraph.NewStep(
 		sqlgraph.From(Table, FieldID),
--- a/backend/ent/user/where.go
+++ b/backend/ent/user/where.go
@@ -952,6 +952,29 @@ func HasAssignedSubscriptionsWith(preds ...predicate.UserSubscription) predicate
 	})
 }
 // HasAnnouncementReads applies the HasEdge predicate on the "announcement_reads" edge.
 func HasAnnouncementReads() predicate.User {
 	return predicate.User(func(s *sql.Selector) {
 		step := sqlgraph.NewStep(
 			sqlgraph.From(Table, FieldID),
 			sqlgraph.Edge(sqlgraph.O2M, false, AnnouncementReadsTable, AnnouncementReadsColumn),
 		)
 		sqlgraph.HasNeighbors(s, step)
 	})
 }
 // HasAnnouncementReadsWith applies the HasEdge predicate on the "announcement_reads" edge with a given conditions (other predicates).
 func HasAnnouncementReadsWith(preds ...predicate.AnnouncementRead) predicate.User {
 	return predicate.User(func(s *sql.Selector) {
 		step := newAnnouncementReadsStep()
 		sqlgraph.HasNeighborsWith(s, step, func(s *sql.Selector) {
 			for _, p := range preds {
 				p(s)
 			}
 		})
 	})
 }
 // HasAllowedGroups applies the HasEdge predicate on the "allowed_groups" edge.
 func HasAllowedGroups() predicate.User {
 	return predicate.User(func(s *sql.Selector) {
--- a/backend/ent/user_create.go
+++ b/backend/ent/user_create.go
@@ -11,6 +11,7 @@ import (
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/announcementread"
 	"github.com/Wei-Shaw/sub2api/ent/apikey"
 	"github.com/Wei-Shaw/sub2api/ent/group"
 	"github.com/Wei-Shaw/sub2api/ent/promocodeusage"
@@ -269,6 +270,21 @@ func (_c *UserCreate) AddAssignedSubscriptions(v ...*UserSubscription) *UserCrea
 	return _c.AddAssignedSubscriptionIDs(ids...)
 }
 // AddAnnouncementReadIDs adds the "announcement_reads" edge to the AnnouncementRead entity by IDs.
 func (_c *UserCreate) AddAnnouncementReadIDs(ids ...int64) *UserCreate {
 	_c.mutation.AddAnnouncementReadIDs(ids...)
 	return _c
 }
 // AddAnnouncementReads adds the "announcement_reads" edges to the AnnouncementRead entity.
 func (_c *UserCreate) AddAnnouncementReads(v ...*AnnouncementRead) *UserCreate {
 	ids := make([]int64, len(v))
 	for i := range v {
 		ids[i] = v[i].ID
 	}
 	return _c.AddAnnouncementReadIDs(ids...)
 }
 // AddAllowedGroupIDs adds the "allowed_groups" edge to the Group entity by IDs.
 func (_c *UserCreate) AddAllowedGroupIDs(ids ...int64) *UserCreate {
 	_c.mutation.AddAllowedGroupIDs(ids...)
@@ -618,6 +634,22 @@ func (_c *UserCreate) createSpec() (*User, *sqlgraph.CreateSpec) {
 		}
 		_spec.Edges = append(_spec.Edges, edge)
 	}
 	if nodes := _c.mutation.AnnouncementReadsIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
 			Table:   user.AnnouncementReadsTable,
 			Columns: []string{user.AnnouncementReadsColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64),
 			},
 		}
 		for _, k := range nodes {
 			edge.Target.Nodes = append(edge.Target.Nodes, k)
 		}
 		_spec.Edges = append(_spec.Edges, edge)
 	}
 	if nodes := _c.mutation.AllowedGroupsIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2M,
--- a/backend/ent/user_query.go
+++ b/backend/ent/user_query.go
@@ -13,6 +13,7 @@ import (
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/announcementread"
 	"github.com/Wei-Shaw/sub2api/ent/apikey"
 	"github.com/Wei-Shaw/sub2api/ent/group"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
@@ -36,6 +37,7 @@ type UserQuery struct {
 	withRedeemCodes           *RedeemCodeQuery
 	withSubscriptions         *UserSubscriptionQuery
 	withAssignedSubscriptions *UserSubscriptionQuery
 	withAnnouncementReads     *AnnouncementReadQuery
 	withAllowedGroups         *GroupQuery
 	withUsageLogs             *UsageLogQuery
 	withAttributeValues       *UserAttributeValueQuery
@@ -166,6 +168,28 @@ func (_q *UserQuery) QueryAssignedSubscriptions() *UserSubscriptionQuery {
 	return query
 }
 // QueryAnnouncementReads chains the current query on the "announcement_reads" edge.
 func (_q *UserQuery) QueryAnnouncementReads() *AnnouncementReadQuery {
 	query := (&AnnouncementReadClient{config: _q.config}).Query()
 	query.path = func(ctx context.Context) (fromU *sql.Selector, err error) {
 		if err := _q.prepareQuery(ctx); err != nil {
 			return nil, err
 		}
 		selector := _q.sqlQuery(ctx)
 		if err := selector.Err(); err != nil {
 			return nil, err
 		}
 		step := sqlgraph.NewStep(
 			sqlgraph.From(user.Table, user.FieldID, selector),
 			sqlgraph.To(announcementread.Table, announcementread.FieldID),
 			sqlgraph.Edge(sqlgraph.O2M, false, user.AnnouncementReadsTable, user.AnnouncementReadsColumn),
 		)
 		fromU = sqlgraph.SetNeighbors(_q.driver.Dialect(), step)
 		return fromU, nil
 	}
 	return query
 }
 // QueryAllowedGroups chains the current query on the "allowed_groups" edge.
 func (_q *UserQuery) QueryAllowedGroups() *GroupQuery {
 	query := (&GroupClient{config: _q.config}).Query()
@@ -472,6 +496,7 @@ func (_q *UserQuery) Clone() *UserQuery {
 		withRedeemCodes:           _q.withRedeemCodes.Clone(),
 		withSubscriptions:         _q.withSubscriptions.Clone(),
 		withAssignedSubscriptions: _q.withAssignedSubscriptions.Clone(),
 		withAnnouncementReads:     _q.withAnnouncementReads.Clone(),
 		withAllowedGroups:         _q.withAllowedGroups.Clone(),
 		withUsageLogs:             _q.withUsageLogs.Clone(),
 		withAttributeValues:       _q.withAttributeValues.Clone(),
@@ -527,6 +552,17 @@ func (_q *UserQuery) WithAssignedSubscriptions(opts ...func(*UserSubscriptionQue
 	return _q
 }
 // WithAnnouncementReads tells the query-builder to eager-load the nodes that are connected to
 // the "announcement_reads" edge. The optional arguments are used to configure the query builder of the edge.
 func (_q *UserQuery) WithAnnouncementReads(opts ...func(*AnnouncementReadQuery)) *UserQuery {
 	query := (&AnnouncementReadClient{config: _q.config}).Query()
 	for _, opt := range opts {
 		opt(query)
 	}
 	_q.withAnnouncementReads = query
 	return _q
 }
 // WithAllowedGroups tells the query-builder to eager-load the nodes that are connected to
 // the "allowed_groups" edge. The optional arguments are used to configure the query builder of the edge.
 func (_q *UserQuery) WithAllowedGroups(opts ...func(*GroupQuery)) *UserQuery {
@@ -660,11 +696,12 @@ func (_q *UserQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*User, e
 	var (
 		nodes       = []*User{}
 		_spec       = _q.querySpec()
-		loadedTypes = [9]bool{
+		loadedTypes = [10]bool{
 			_q.withAPIKeys != nil,
 			_q.withRedeemCodes != nil,
 			_q.withSubscriptions != nil,
 			_q.withAssignedSubscriptions != nil,
 			_q.withAnnouncementReads != nil,
 			_q.withAllowedGroups != nil,
 			_q.withUsageLogs != nil,
 			_q.withAttributeValues != nil,
@@ -723,6 +760,13 @@ func (_q *UserQuery) sqlAll(ctx context.Context, hooks ...queryHook) ([]*User, e
 			return nil, err
 		}
 	}
 	if query := _q.withAnnouncementReads; query != nil {
 		if err := _q.loadAnnouncementReads(ctx, query, nodes,
 			func(n *User) { n.Edges.AnnouncementReads = []*AnnouncementRead{} },
 			func(n *User, e *AnnouncementRead) { n.Edges.AnnouncementReads = append(n.Edges.AnnouncementReads, e) }); err != nil {
 			return nil, err
 		}
 	}
 	if query := _q.withAllowedGroups; query != nil {
 		if err := _q.loadAllowedGroups(ctx, query, nodes,
 			func(n *User) { n.Edges.AllowedGroups = []*Group{} },
@@ -887,6 +931,36 @@ func (_q *UserQuery) loadAssignedSubscriptions(ctx context.Context, query *UserS
 	}
 	return nil
 }
 func (_q *UserQuery) loadAnnouncementReads(ctx context.Context, query *AnnouncementReadQuery, nodes []*User, init func(*User), assign func(*User, *AnnouncementRead)) error {
 	fks := make([]driver.Value, 0, len(nodes))
 	nodeids := make(map[int64]*User)
 	for i := range nodes {
 		fks = append(fks, nodes[i].ID)
 		nodeids[nodes[i].ID] = nodes[i]
 		if init != nil {
 			init(nodes[i])
 		}
 	}
 	if len(query.ctx.Fields) > 0 {
 		query.ctx.AppendFieldOnce(announcementread.FieldUserID)
 	}
 	query.Where(predicate.AnnouncementRead(func(s *sql.Selector) {
 		s.Where(sql.InValues(s.C(user.AnnouncementReadsColumn), fks...))
 	}))
 	neighbors, err := query.All(ctx)
 	if err != nil {
 		return err
 	}
 	for _, n := range neighbors {
 		fk := n.UserID
 		node, ok := nodeids[fk]
 		if !ok {
 			return fmt.Errorf(`unexpected referenced foreign-key "user_id" returned %v for node %v`, fk, n.ID)
 		}
 		assign(node, n)
 	}
 	return nil
 }
 func (_q *UserQuery) loadAllowedGroups(ctx context.Context, query *GroupQuery, nodes []*User, init func(*User), assign func(*User, *Group)) error {
 	edgeIDs := make([]driver.Value, len(nodes))
 	byID := make(map[int64]*User)
--- a/backend/ent/user_update.go
+++ b/backend/ent/user_update.go
@@ -11,6 +11,7 @@ import (
 	"entgo.io/ent/dialect/sql"
 	"entgo.io/ent/dialect/sql/sqlgraph"
 	"entgo.io/ent/schema/field"
 	"github.com/Wei-Shaw/sub2api/ent/announcementread"
 	"github.com/Wei-Shaw/sub2api/ent/apikey"
 	"github.com/Wei-Shaw/sub2api/ent/group"
 	"github.com/Wei-Shaw/sub2api/ent/predicate"
@@ -301,6 +302,21 @@ func (_u *UserUpdate) AddAssignedSubscriptions(v ...*UserSubscription) *UserUpda
 	return _u.AddAssignedSubscriptionIDs(ids...)
 }
 // AddAnnouncementReadIDs adds the "announcement_reads" edge to the AnnouncementRead entity by IDs.
 func (_u *UserUpdate) AddAnnouncementReadIDs(ids ...int64) *UserUpdate {
 	_u.mutation.AddAnnouncementReadIDs(ids...)
 	return _u
 }
 // AddAnnouncementReads adds the "announcement_reads" edges to the AnnouncementRead entity.
 func (_u *UserUpdate) AddAnnouncementReads(v ...*AnnouncementRead) *UserUpdate {
 	ids := make([]int64, len(v))
 	for i := range v {
 		ids[i] = v[i].ID
 	}
 	return _u.AddAnnouncementReadIDs(ids...)
 }
 // AddAllowedGroupIDs adds the "allowed_groups" edge to the Group entity by IDs.
 func (_u *UserUpdate) AddAllowedGroupIDs(ids ...int64) *UserUpdate {
 	_u.mutation.AddAllowedGroupIDs(ids...)
@@ -450,6 +466,27 @@ func (_u *UserUpdate) RemoveAssignedSubscriptions(v ...*UserSubscription) *UserU
 	return _u.RemoveAssignedSubscriptionIDs(ids...)
 }
 // ClearAnnouncementReads clears all "announcement_reads" edges to the AnnouncementRead entity.
 func (_u *UserUpdate) ClearAnnouncementReads() *UserUpdate {
 	_u.mutation.ClearAnnouncementReads()
 	return _u
 }
 // RemoveAnnouncementReadIDs removes the "announcement_reads" edge to AnnouncementRead entities by IDs.
 func (_u *UserUpdate) RemoveAnnouncementReadIDs(ids ...int64) *UserUpdate {
 	_u.mutation.RemoveAnnouncementReadIDs(ids...)
 	return _u
 }
 // RemoveAnnouncementReads removes "announcement_reads" edges to AnnouncementRead entities.
 func (_u *UserUpdate) RemoveAnnouncementReads(v ...*AnnouncementRead) *UserUpdate {
 	ids := make([]int64, len(v))
 	for i := range v {
 		ids[i] = v[i].ID
 	}
 	return _u.RemoveAnnouncementReadIDs(ids...)
 }
 // ClearAllowedGroups clears all "allowed_groups" edges to the Group entity.
 func (_u *UserUpdate) ClearAllowedGroups() *UserUpdate {
 	_u.mutation.ClearAllowedGroups()
@@ -852,6 +889,51 @@ func (_u *UserUpdate) sqlSave(ctx context.Context) (_node int, err error) {
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
 	if _u.mutation.AnnouncementReadsCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
 			Table:   user.AnnouncementReadsTable,
 			Columns: []string{user.AnnouncementReadsColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64),
 			},
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
 	if nodes := _u.mutation.RemovedAnnouncementReadsIDs(); len(nodes) > 0 && !_u.mutation.AnnouncementReadsCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
 			Table:   user.AnnouncementReadsTable,
 			Columns: []string{user.AnnouncementReadsColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64),
 			},
 		}
 		for _, k := range nodes {
 			edge.Target.Nodes = append(edge.Target.Nodes, k)
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
 	if nodes := _u.mutation.AnnouncementReadsIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
 			Table:   user.AnnouncementReadsTable,
 			Columns: []string{user.AnnouncementReadsColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64),
 			},
 		}
 		for _, k := range nodes {
 			edge.Target.Nodes = append(edge.Target.Nodes, k)
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
 	if _u.mutation.AllowedGroupsCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2M,
@@ -1330,6 +1412,21 @@ func (_u *UserUpdateOne) AddAssignedSubscriptions(v ...*UserSubscription) *UserU
 	return _u.AddAssignedSubscriptionIDs(ids...)
 }
 // AddAnnouncementReadIDs adds the "announcement_reads" edge to the AnnouncementRead entity by IDs.
 func (_u *UserUpdateOne) AddAnnouncementReadIDs(ids ...int64) *UserUpdateOne {
 	_u.mutation.AddAnnouncementReadIDs(ids...)
 	return _u
 }
 // AddAnnouncementReads adds the "announcement_reads" edges to the AnnouncementRead entity.
 func (_u *UserUpdateOne) AddAnnouncementReads(v ...*AnnouncementRead) *UserUpdateOne {
 	ids := make([]int64, len(v))
 	for i := range v {
 		ids[i] = v[i].ID
 	}
 	return _u.AddAnnouncementReadIDs(ids...)
 }
 // AddAllowedGroupIDs adds the "allowed_groups" edge to the Group entity by IDs.
 func (_u *UserUpdateOne) AddAllowedGroupIDs(ids ...int64) *UserUpdateOne {
 	_u.mutation.AddAllowedGroupIDs(ids...)
@@ -1479,6 +1576,27 @@ func (_u *UserUpdateOne) RemoveAssignedSubscriptions(v ...*UserSubscription) *Us
 	return _u.RemoveAssignedSubscriptionIDs(ids...)
 }
 // ClearAnnouncementReads clears all "announcement_reads" edges to the AnnouncementRead entity.
 func (_u *UserUpdateOne) ClearAnnouncementReads() *UserUpdateOne {
 	_u.mutation.ClearAnnouncementReads()
 	return _u
 }
 // RemoveAnnouncementReadIDs removes the "announcement_reads" edge to AnnouncementRead entities by IDs.
 func (_u *UserUpdateOne) RemoveAnnouncementReadIDs(ids ...int64) *UserUpdateOne {
 	_u.mutation.RemoveAnnouncementReadIDs(ids...)
 	return _u
 }
 // RemoveAnnouncementReads removes "announcement_reads" edges to AnnouncementRead entities.
 func (_u *UserUpdateOne) RemoveAnnouncementReads(v ...*AnnouncementRead) *UserUpdateOne {
 	ids := make([]int64, len(v))
 	for i := range v {
 		ids[i] = v[i].ID
 	}
 	return _u.RemoveAnnouncementReadIDs(ids...)
 }
 // ClearAllowedGroups clears all "allowed_groups" edges to the Group entity.
 func (_u *UserUpdateOne) ClearAllowedGroups() *UserUpdateOne {
 	_u.mutation.ClearAllowedGroups()
@@ -1911,6 +2029,51 @@ func (_u *UserUpdateOne) sqlSave(ctx context.Context) (_node *User, err error) {
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
 	if _u.mutation.AnnouncementReadsCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
 			Table:   user.AnnouncementReadsTable,
 			Columns: []string{user.AnnouncementReadsColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64),
 			},
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
 	if nodes := _u.mutation.RemovedAnnouncementReadsIDs(); len(nodes) > 0 && !_u.mutation.AnnouncementReadsCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
 			Table:   user.AnnouncementReadsTable,
 			Columns: []string{user.AnnouncementReadsColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64),
 			},
 		}
 		for _, k := range nodes {
 			edge.Target.Nodes = append(edge.Target.Nodes, k)
 		}
 		_spec.Edges.Clear = append(_spec.Edges.Clear, edge)
 	}
 	if nodes := _u.mutation.AnnouncementReadsIDs(); len(nodes) > 0 {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.O2M,
 			Inverse: false,
 			Table:   user.AnnouncementReadsTable,
 			Columns: []string{user.AnnouncementReadsColumn},
 			Bidi:    false,
 			Target: &sqlgraph.EdgeTarget{
 				IDSpec: sqlgraph.NewFieldSpec(announcementread.FieldID, field.TypeInt64),
 			},
 		}
 		for _, k := range nodes {
 			edge.Target.Nodes = append(edge.Target.Nodes, k)
 		}
 		_spec.Edges.Add = append(_spec.Edges.Add, edge)
 	}
 	if _u.mutation.AllowedGroupsCleared() {
 		edge := &sqlgraph.EdgeSpec{
 			Rel:     sqlgraph.M2M,
--- a/backend/go.mod
+++ b/backend/go.mod
@@ -1,9 +1,14 @@
 module github.com/Wei-Shaw/sub2api
-go 1.25.5
+go 1.25.7
 require (
 	entgo.io/ent v0.14.5
 	github.com/DATA-DOG/go-sqlmock v1.5.2
 	github.com/DouDOU-start/go-sora2api v1.1.0
 	github.com/alitto/pond/v2 v2.6.2
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/dgraph-io/ristretto v0.2.0
 	github.com/gin-gonic/gin v1.9.1
 	github.com/golang-jwt/jwt/v5 v5.2.2
 	github.com/google/uuid v1.6.0
@@ -11,7 +16,11 @@ require (
 	github.com/gorilla/websocket v1.5.3
 	github.com/imroc/req/v3 v3.57.0
 	github.com/lib/pq v1.10.9
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pquerna/otp v1.5.0
 	github.com/redis/go-redis/v9 v9.17.2
 	github.com/refraction-networking/utls v1.8.2
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/shirou/gopsutil/v4 v4.25.6
 	github.com/spf13/viper v1.18.2
 	github.com/stretchr/testify v1.11.1
@@ -20,27 +29,35 @@ require (
 	github.com/tidwall/gjson v1.18.0
 	github.com/tidwall/sjson v1.2.5
 	github.com/zeromicro/go-zero v1.9.4
-	golang.org/x/crypto v0.46.0
+	go.uber.org/zap v1.24.0
-	golang.org/x/net v0.48.0
+	golang.org/x/crypto v0.48.0
 	golang.org/x/net v0.49.0
 	golang.org/x/sync v0.19.0
-	golang.org/x/term v0.38.0
+	golang.org/x/term v0.40.0
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1
 	gopkg.in/yaml.v3 v3.0.1
 	modernc.org/sqlite v1.44.3
 )
 require (
 	ariga.io/atlas v0.32.1-0.20250325101103-175b25e1c1b9 // indirect
 	dario.cat/mergo v1.0.2 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/DATA-DOG/go-sqlmock v1.5.2 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/andybalholm/brotli v1.2.0 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/bdandy/go-errors v1.2.2 // indirect
 	github.com/bdandy/go-socks4 v1.2.3 // indirect
 	github.com/bmatcuk/doublestar v1.3.4 // indirect
 	github.com/bogdanfinn/fhttp v0.6.8 // indirect
 	github.com/bogdanfinn/quic-go-utls v1.0.9-utls // indirect
 	github.com/bogdanfinn/tls-client v1.14.0 // indirect
 	github.com/bogdanfinn/utls v1.7.7-barnius // indirect
 	github.com/bogdanfinn/websocket v1.5.5-barnius // indirect
 	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
 	github.com/bytedance/sonic v1.9.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
@@ -48,7 +65,6 @@ require (
 	github.com/containerd/platforms v0.2.1 // indirect
 	github.com/cpuguy83/dockercfg v0.3.2 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dgraph-io/ristretto v0.2.0 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/docker v28.5.1+incompatible // indirect
@@ -71,12 +87,10 @@ require (
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/subcommands v1.2.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hashicorp/hcl/v2 v2.18.1 // indirect
 	github.com/icholy/digest v1.1.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.18.2 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
@@ -85,7 +99,6 @@ require (
 	github.com/magiconair/properties v1.8.10 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/mdelapenya/tlscert v0.2.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
@@ -100,20 +113,15 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/ncruces/go-strftime v1.0.0 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.1 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/pquerna/otp v1.5.0 // indirect
 	github.com/quic-go/qpack v0.6.0 // indirect
 	github.com/quic-go/quic-go v0.57.1 // indirect
 	github.com/refraction-networking/utls v1.8.1 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/robfig/cron/v3 v3.0.1 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
@@ -121,9 +129,9 @@ require (
 	github.com/spaolacci/murmur3 v1.1.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
 	github.com/spf13/cobra v1.7.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tam7t/hpkp v0.0.0-20160821193359-2b70b4024ed5 // indirect
 	github.com/testcontainers/testcontainers-go v0.40.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
@@ -145,16 +153,13 @@ require (
 	go.uber.org/multierr v1.9.0 // indirect
 	golang.org/x/arch v0.3.0 // indirect
 	golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 // indirect
-	golang.org/x/mod v0.30.0 // indirect
+	golang.org/x/mod v0.32.0 // indirect
-	golang.org/x/sys v0.39.0 // indirect
+	golang.org/x/sys v0.41.0 // indirect
-	golang.org/x/text v0.32.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
 	golang.org/x/tools v0.39.0 // indirect
 	golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect
 	google.golang.org/grpc v1.75.1 // indirect
 	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	modernc.org/libc v1.67.6 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 	modernc.org/sqlite v1.44.1 // indirect
 )
--- a/backend/go.sum
+++ b/backend/go.sum
@@ -10,16 +10,36 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOEl
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
 github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
 github.com/DouDOU-start/go-sora2api v1.1.0 h1:PxWiukK77StiHxEngOFwT1rKUn9oTAJJTl07wQUXwiU=
 github.com/DouDOU-start/go-sora2api v1.1.0/go.mod h1:dcwpethoKfAsMWskDD9iGgc/3yox2tkthPLSMVGnhkE=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
 github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/alitto/pond/v2 v2.6.2 h1:Sphe40g0ILeM1pA2c2K+Th0DGU+pt0A/Kprr+WB24Pw=
 github.com/alitto/pond/v2 v2.6.2/go.mod h1:xkjYEgQ05RSpWdfSd1nM3OVv7TBhLdy7rMp3+2Nq+yE=
 github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ=
 github.com/andybalholm/brotli v1.2.0/go.mod h1:rzTDkvFWvIrjDXZHkuS16NPggd91W3kUSvPlQ1pLaKY=
 github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
 github.com/bdandy/go-errors v1.2.2 h1:WdFv/oukjTJCLa79UfkGmwX7ZxONAihKu4V0mLIs11Q=
 github.com/bdandy/go-errors v1.2.2/go.mod h1:NkYHl4Fey9oRRdbB1CoC6e84tuqQHiqrOcZpqFEkBxM=
 github.com/bdandy/go-socks4 v1.2.3 h1:Q6Y2heY1GRjCtHbmlKfnwrKVU/k81LS8mRGLRlmDlic=
 github.com/bdandy/go-socks4 v1.2.3/go.mod h1:98kiVFgpdogR8aIGLWLvjDVZ8XcKPsSI/ypGrO+bqHI=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/bmatcuk/doublestar v1.3.4 h1:gPypJ5xD31uhX6Tf54sDPUOBXTqKH4c9aPY66CyQrS0=
 github.com/bmatcuk/doublestar v1.3.4/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE=
 github.com/bogdanfinn/fhttp v0.6.8 h1:LiQyHOY3i0QoxxNB7nq27/nGNNbtPj0fuBPozhR7Ws4=
 github.com/bogdanfinn/fhttp v0.6.8/go.mod h1:A+EKDzMx2hb4IUbMx4TlkoHnaJEiLl8r/1Ss1Y+5e5M=
 github.com/bogdanfinn/quic-go-utls v1.0.9-utls h1:tV6eDEiRbRCcepALSzxR94JUVD3N3ACIiRLgyc2Ep8s=
 github.com/bogdanfinn/quic-go-utls v1.0.9-utls/go.mod h1:aHph9B9H9yPOt5xnhWKSOum27DJAqpiHzwX+gjvaXcg=
 github.com/bogdanfinn/tls-client v1.14.0 h1:vyk7Cn4BIvLAGVuMfb0tP22OqogfO1lYamquQNEZU1A=
 github.com/bogdanfinn/tls-client v1.14.0/go.mod h1:LsU6mXVn8MOFDwTkyRfI7V1BZM1p0wf2ZfZsICW/1fM=
 github.com/bogdanfinn/utls v1.7.7-barnius h1:OuJ497cc7F3yKNVHRsYPQdGggmk5x6+V5ZlrCR7fOLU=
 github.com/bogdanfinn/utls v1.7.7-barnius/go.mod h1:aAK1VZQlpKZClF1WEQeq6kyclbkPq4hz6xTbB5xSlmg=
 github.com/bogdanfinn/websocket v1.5.5-barnius h1:bY+qnxpai1qe7Jmjx+Sds/cmOSpuuLoR8x61rWltjOI=
 github.com/bogdanfinn/websocket v1.5.5-barnius/go.mod h1:gvvEw6pTKHb7yOiFvIfAFTStQWyrm25BMVCTj5wRSsI=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
@@ -46,7 +66,6 @@ github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpS
 github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
 github.com/cpuguy83/dockercfg v0.3.2 h1:DlJTyZGBDlXqUZ2Dk2Q3xHs/FtnooJJVaad2S9GKorA=
 github.com/cpuguy83/dockercfg v0.3.2/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -55,6 +74,8 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgraph-io/ristretto v0.2.0 h1:XAfl+7cmoUDWW/2Lx8TGZQjjxIQ2Ley9DSf52dru4WE=
 github.com/dgraph-io/ristretto v0.2.0/go.mod h1:8uBHCU/PBV4Ag0CJrP47b9Ofby5dqWNh4FicAdoqFNU=
 github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y=
 github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
@@ -113,8 +134,8 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
+github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
-github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
+github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/wire v0.7.0 h1:JxUKI6+CVBgCO2WToKy/nQk0sS+amI9z9EjVmdaocj4=
@@ -123,6 +144,9 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 h1:NmZ1PKzSTQbuGHw9DGPFomqkkLWMC+vZCkfs+FHv1Vg=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3/go.mod h1:zQrxl1YP88HQlA6i9c63DSVPFklWpGX4OWAc9bFuaH4=
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
 github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/hcl/v2 v2.18.1 h1:6nxnOJFku1EuSawSD81fuviYUV8DxFr3fp2dUi3ZYSo=
@@ -131,8 +155,6 @@ github.com/icholy/digest v1.1.0 h1:HfGg9Irj7i+IX1o1QAmPfIBNu/Q5A5Tu3n/MED9k9H4=
 github.com/icholy/digest v1.1.0/go.mod h1:QNrsSGQ5v7v9cReDI0+eyjsXGUoRSUZQHeQ5C4XLa0Y=
 github.com/imroc/req/v3 v3.57.0 h1:LMTUjNRUybUkTPn8oJDq8Kg3JRBOBTcnDhKu7mzupKI=
 github.com/imroc/req/v3 v3.57.0/go.mod h1:JL62ey1nvSLq81HORNcosvlf7SxZStONNqOprg0Pz00=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
@@ -168,9 +190,6 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-sqlite3 v1.14.17 h1:mCRHCLDUBXgpKAqIKsaAaAsrAlbkeomtRFKXh2L6YIM=
 github.com/mattn/go-sqlite3 v1.14.17/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
 github.com/mdelapenya/tlscert v0.2.0 h1:7H81W6Z/4weDvZBNOfQte5GpIMo0lGYEeWbkGp5LJHI=
@@ -204,12 +223,12 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w=
 github.com/ncruces/go-strftime v1.0.0/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
 github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
 github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -229,17 +248,14 @@ github.com/quic-go/quic-go v0.57.1 h1:25KAAR9QR8KZrCZRThWMKVAwGoiHIrNbT72ULHTuI1
 github.com/quic-go/quic-go v0.57.1/go.mod h1:ly4QBAjHA2VhdnxhojRsCUOeJwKYg+taDlos92xb1+s=
 github.com/redis/go-redis/v9 v9.17.2 h1:P2EGsA4qVIM3Pp+aPocCJ7DguDHhqrXNhVcEp4ViluI=
 github.com/redis/go-redis/v9 v9.17.2/go.mod h1:u410H11HMLoB+TP67dz8rL9s6QW2j76l0//kSOd3370=
-github.com/refraction-networking/utls v1.8.1 h1:yNY1kapmQU8JeM1sSw2H2asfTIwWxIkrMJI0pRUOCAo=
+github.com/refraction-networking/utls v1.8.2 h1:j4Q1gJj0xngdeH+Ox/qND11aEfhpgoEvV+S9iJ2IdQo=
-github.com/refraction-networking/utls v1.8.1/go.mod h1:jkSOEkLqn+S/jtpEHPOsVv/4V4EVnelwbMQl4vCWXAM=
+github.com/refraction-networking/utls v1.8.2/go.mod h1:jkSOEkLqn+S/jtpEHPOsVv/4V4EVnelwbMQl4vCWXAM=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
 github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
 github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
 github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
@@ -258,8 +274,6 @@ github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
 github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
 github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
 github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
 github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
 github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ=
@@ -281,6 +295,8 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/tam7t/hpkp v0.0.0-20160821193359-2b70b4024ed5 h1:YqAladjX7xpA6BM04leXMWAEjS0mTZ5kUU9KRBriQJc=
 github.com/tam7t/hpkp v0.0.0-20160821193359-2b70b4024ed5/go.mod h1:2JjD2zLQYH5HO74y5+aE3remJQvl6q4Sn6aWA2wD1Ng=
 github.com/testcontainers/testcontainers-go v0.40.0 h1:pSdJYLOVgLE8YdUY2FHQ1Fxu+aMnb6JfVz1mxk7OeMU=
 github.com/testcontainers/testcontainers-go v0.40.0/go.mod h1:FSXV5KQtX2HAMlm7U3APNyLkkap35zNLxukw9oBi/MY=
 github.com/testcontainers/testcontainers-go/modules/postgres v0.40.0 h1:s2bIayFXlbDFexo96y+htn7FzuhpXLYJNnIuglNKqOk=
@@ -336,27 +352,32 @@ go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
 go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
 go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
 go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
 go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
 go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k=
 golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
-golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
-golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
+golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
 golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2wtOnGAHZWCHUM4KGzY=
 golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70=
-golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
+golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=
-golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
+golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU=
-golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.0.0-20211104170005-ce137452f963/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
+golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
 golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
 golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
 golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -364,21 +385,19 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
-golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
+golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg=
-golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM=
-golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
 golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
 golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
 golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
-golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
+golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
-golang.org/x/tools/go/expect v0.1.0-deprecated h1:jY2C5HGYR5lqex3gEniOQL0r7Dq5+VGVgY1nudX5lXY=
+golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
 golang.org/x/tools/go/expect v0.1.0-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY=
 golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM=
 golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM=
 golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated/go.mod h1:RVAQXBGNv1ib0J382/DPCRS/BPnsGebyM1Gj5VSDpG8=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ=
 google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4 h1:8XJ4pajGwOlasW+L13MnEGA8W4115jJySQtVfS2/IBU=
@@ -394,17 +413,39 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
 gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
 gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
 modernc.org/cc/v4 v4.27.1 h1:9W30zRlYrefrDV2JE2O8VDtJ1yPGownxciz5rrbQZis=
 modernc.org/cc/v4 v4.27.1/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
 modernc.org/ccgo/v4 v4.30.1 h1:4r4U1J6Fhj98NKfSjnPUN7Ze2c6MnAdL0hWw6+LrJpc=
 modernc.org/ccgo/v4 v4.30.1/go.mod h1:bIOeI1JL54Utlxn+LwrFyjCx2n2RDiYEaJVSrgdrRfM=
 modernc.org/fileutil v1.3.40 h1:ZGMswMNc9JOCrcrakF1HrvmergNLAmxOPjizirpfqBA=
 modernc.org/fileutil v1.3.40/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
 modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
 modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
 modernc.org/gc/v3 v3.1.1 h1:k8T3gkXWY9sEiytKhcgyiZ2L0DTyCQ/nvX+LoCljoRE=
 modernc.org/gc/v3 v3.1.1/go.mod h1:HFK/6AGESC7Ex+EZJhJ2Gni6cTaYpSMmU/cT9RmlfYY=
 modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks=
 modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI=
 modernc.org/libc v1.67.6 h1:eVOQvpModVLKOdT+LvBPjdQqfrZq+pC39BygcT+E7OI=
 modernc.org/libc v1.67.6/go.mod h1:JAhxUVlolfYDErnwiqaLvUqc8nfb2r6S6slAgZOnaiE=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
 modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
 modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
-modernc.org/sqlite v1.44.1 h1:qybx/rNpfQipX/t47OxbHmkkJuv2JWifCMH8SVUiDas=
+modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
-modernc.org/sqlite v1.44.1/go.mod h1:CzbrU2lSB1DKUusvwGz7rqEKIq+NUd8GWuBBZDs9/nA=
+modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
 modernc.org/sqlite v1.44.3 h1:+39JvV/HWMcYslAwRxHb8067w+2zowvFOUrOWIy9PjY=
 modernc.org/sqlite v1.44.3/go.mod h1:CzbrU2lSB1DKUusvwGz7rqEKIq+NUd8GWuBBZDs9/nA=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
 modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
--- a/backend/internal/config/config.go
+++ b/backend/internal/config/config.go
--- a/backend/internal/config/config_test.go
+++ b/backend/internal/config/config_test.go
@@ -8,6 +8,25 @@ import (
 	"github.com/spf13/viper"
 )
 func resetViperWithJWTSecret(t *testing.T) {
 	t.Helper()
 	viper.Reset()
 	t.Setenv("JWT_SECRET", strings.Repeat("x", 32))
 }
 func TestLoadForBootstrapAllowsMissingJWTSecret(t *testing.T) {
 	viper.Reset()
 	t.Setenv("JWT_SECRET", "")
 	cfg, err := LoadForBootstrap()
 	if err != nil {
 		t.Fatalf("LoadForBootstrap() error: %v", err)
 	}
 	if cfg.JWT.Secret != "" {
 		t.Fatalf("LoadForBootstrap() should keep empty jwt.secret during bootstrap")
 	}
 }
 func TestNormalizeRunMode(t *testing.T) {
 	tests := []struct {
 		input    string
@@ -29,7 +48,7 @@ func TestNormalizeRunMode(t *testing.T) {
 }
 func TestLoadDefaultSchedulingConfig(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -56,8 +75,44 @@ func TestLoadDefaultSchedulingConfig(t *testing.T) {
 	}
 }
 func TestLoadDefaultIdempotencyConfig(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	if !cfg.Idempotency.ObserveOnly {
 		t.Fatalf("Idempotency.ObserveOnly = false, want true")
 	}
 	if cfg.Idempotency.DefaultTTLSeconds != 86400 {
 		t.Fatalf("Idempotency.DefaultTTLSeconds = %d, want 86400", cfg.Idempotency.DefaultTTLSeconds)
 	}
 	if cfg.Idempotency.SystemOperationTTLSeconds != 3600 {
 		t.Fatalf("Idempotency.SystemOperationTTLSeconds = %d, want 3600", cfg.Idempotency.SystemOperationTTLSeconds)
 	}
 }
 func TestLoadIdempotencyConfigFromEnv(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	t.Setenv("IDEMPOTENCY_OBSERVE_ONLY", "false")
 	t.Setenv("IDEMPOTENCY_DEFAULT_TTL_SECONDS", "600")
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	if cfg.Idempotency.ObserveOnly {
 		t.Fatalf("Idempotency.ObserveOnly = true, want false")
 	}
 	if cfg.Idempotency.DefaultTTLSeconds != 600 {
 		t.Fatalf("Idempotency.DefaultTTLSeconds = %d, want 600", cfg.Idempotency.DefaultTTLSeconds)
 	}
 }
 func TestLoadSchedulingConfigFromEnv(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	t.Setenv("GATEWAY_SCHEDULING_STICKY_SESSION_MAX_WAITING", "5")
 	cfg, err := Load()
@@ -71,7 +126,7 @@ func TestLoadSchedulingConfigFromEnv(t *testing.T) {
 }
 func TestLoadDefaultSecurityToggles(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -87,13 +142,69 @@ func TestLoadDefaultSecurityToggles(t *testing.T) {
 	if !cfg.Security.URLAllowlist.AllowPrivateHosts {
 		t.Fatalf("URLAllowlist.AllowPrivateHosts = false, want true")
 	}
-	if cfg.Security.ResponseHeaders.Enabled {
+	if !cfg.Security.ResponseHeaders.Enabled {
-		t.Fatalf("ResponseHeaders.Enabled = true, want false")
+		t.Fatalf("ResponseHeaders.Enabled = false, want true")
 	}
 }
 func TestLoadDefaultServerMode(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	if cfg.Server.Mode != "release" {
 		t.Fatalf("Server.Mode = %q, want %q", cfg.Server.Mode, "release")
 	}
 }
 func TestLoadDefaultJWTAccessTokenExpireMinutes(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	if cfg.JWT.ExpireHour != 24 {
 		t.Fatalf("JWT.ExpireHour = %d, want 24", cfg.JWT.ExpireHour)
 	}
 	if cfg.JWT.AccessTokenExpireMinutes != 0 {
 		t.Fatalf("JWT.AccessTokenExpireMinutes = %d, want 0", cfg.JWT.AccessTokenExpireMinutes)
 	}
 }
 func TestLoadJWTAccessTokenExpireMinutesFromEnv(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	t.Setenv("JWT_ACCESS_TOKEN_EXPIRE_MINUTES", "90")
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	if cfg.JWT.AccessTokenExpireMinutes != 90 {
 		t.Fatalf("JWT.AccessTokenExpireMinutes = %d, want 90", cfg.JWT.AccessTokenExpireMinutes)
 	}
 }
 func TestLoadDefaultDatabaseSSLMode(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	if cfg.Database.SSLMode != "prefer" {
 		t.Fatalf("Database.SSLMode = %q, want %q", cfg.Database.SSLMode, "prefer")
 	}
 }
 func TestValidateLinuxDoFrontendRedirectURL(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -118,7 +229,7 @@ func TestValidateLinuxDoFrontendRedirectURL(t *testing.T) {
 }
 func TestValidateLinuxDoPKCERequiredForPublicClient(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -143,7 +254,7 @@ func TestValidateLinuxDoPKCERequiredForPublicClient(t *testing.T) {
 }
 func TestLoadDefaultDashboardCacheConfig(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -168,7 +279,7 @@ func TestLoadDefaultDashboardCacheConfig(t *testing.T) {
 }
 func TestValidateDashboardCacheConfigEnabled(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -188,7 +299,7 @@ func TestValidateDashboardCacheConfigEnabled(t *testing.T) {
 }
 func TestValidateDashboardCacheConfigDisabled(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -207,7 +318,7 @@ func TestValidateDashboardCacheConfigDisabled(t *testing.T) {
 }
 func TestLoadDefaultDashboardAggregationConfig(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -244,7 +355,7 @@ func TestLoadDefaultDashboardAggregationConfig(t *testing.T) {
 }
 func TestValidateDashboardAggregationConfigDisabled(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -263,7 +374,7 @@ func TestValidateDashboardAggregationConfigDisabled(t *testing.T) {
 }
 func TestValidateDashboardAggregationBackfillMaxDays(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -282,7 +393,7 @@ func TestValidateDashboardAggregationBackfillMaxDays(t *testing.T) {
 }
 func TestLoadDefaultUsageCleanupConfig(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -307,7 +418,7 @@ func TestLoadDefaultUsageCleanupConfig(t *testing.T) {
 }
 func TestValidateUsageCleanupConfigEnabled(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -326,7 +437,7 @@ func TestValidateUsageCleanupConfigEnabled(t *testing.T) {
 }
 func TestValidateUsageCleanupConfigDisabled(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -424,6 +535,40 @@ func TestValidateAbsoluteHTTPURL(t *testing.T) {
 	}
 }
 func TestValidateServerFrontendURL(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	cfg.Server.FrontendURL = "https://example.com"
 	if err := cfg.Validate(); err != nil {
 		t.Fatalf("Validate() frontend_url valid error: %v", err)
 	}
 	cfg.Server.FrontendURL = "https://example.com/path"
 	if err := cfg.Validate(); err != nil {
 		t.Fatalf("Validate() frontend_url with path valid error: %v", err)
 	}
 	cfg.Server.FrontendURL = "https://example.com?utm=1"
 	if err := cfg.Validate(); err == nil {
 		t.Fatalf("Validate() should reject server.frontend_url with query")
 	}
 	cfg.Server.FrontendURL = "https://user:pass@example.com"
 	if err := cfg.Validate(); err == nil {
 		t.Fatalf("Validate() should reject server.frontend_url with userinfo")
 	}
 	cfg.Server.FrontendURL = "/relative"
 	if err := cfg.Validate(); err == nil {
 		t.Fatalf("Validate() should reject relative server.frontend_url")
 	}
 }
 func TestValidateFrontendRedirectURL(t *testing.T) {
 	if err := ValidateFrontendRedirectURL("/auth/callback"); err != nil {
 		t.Fatalf("ValidateFrontendRedirectURL relative error: %v", err)
@@ -445,6 +590,7 @@ func TestValidateFrontendRedirectURL(t *testing.T) {
 func TestWarnIfInsecureURL(t *testing.T) {
 	warnIfInsecureURL("test", "http://example.com")
 	warnIfInsecureURL("test", "bad://url")
 	warnIfInsecureURL("test", "://invalid")
 }
 func TestGenerateJWTSecretDefaultLength(t *testing.T) {
@@ -458,7 +604,7 @@ func TestGenerateJWTSecretDefaultLength(t *testing.T) {
 }
 func TestValidateOpsCleanupScheduleRequired(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -476,7 +622,7 @@ func TestValidateOpsCleanupScheduleRequired(t *testing.T) {
 }
 func TestValidateConcurrencyPingInterval(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -493,14 +639,14 @@ func TestValidateConcurrencyPingInterval(t *testing.T) {
 }
 func TestProvideConfig(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	if _, err := ProvideConfig(); err != nil {
 		t.Fatalf("ProvideConfig() error: %v", err)
 	}
 }
 func TestValidateConfigWithLinuxDoEnabled(t *testing.T) {
-	viper.Reset()
+	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
@@ -544,6 +690,24 @@ func TestGenerateJWTSecretWithLength(t *testing.T) {
 	}
 }
 func TestDatabaseDSNWithTimezone_WithPassword(t *testing.T) {
 	d := &DatabaseConfig{
 		Host:     "localhost",
 		Port:     5432,
 		User:     "u",
 		Password: "p",
 		DBName:   "db",
 		SSLMode:  "prefer",
 	}
 	got := d.DSNWithTimezone("UTC")
 	if !strings.Contains(got, "password=p") {
 		t.Fatalf("DSNWithTimezone should include password: %q", got)
 	}
 	if !strings.Contains(got, "TimeZone=UTC") {
 		t.Fatalf("DSNWithTimezone should include TimeZone=UTC: %q", got)
 	}
 }
 func TestValidateAbsoluteHTTPURLMissingHost(t *testing.T) {
 	if err := ValidateAbsoluteHTTPURL("https://"); err == nil {
 		t.Fatalf("ValidateAbsoluteHTTPURL should reject missing host")
@@ -566,10 +730,35 @@ func TestWarnIfInsecureURLHTTPS(t *testing.T) {
 	warnIfInsecureURL("secure", "https://example.com")
 }
 func TestValidateJWTSecret_UTF8Bytes(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	// 31 bytes (< 32) even though it's 31 characters.
 	cfg.JWT.Secret = strings.Repeat("a", 31)
 	err = cfg.Validate()
 	if err == nil {
 		t.Fatalf("Validate() should reject 31-byte secret")
 	}
 	if !strings.Contains(err.Error(), "at least 32 bytes") {
 		t.Fatalf("Validate() error = %v", err)
 	}
 	// 32 bytes OK.
 	cfg.JWT.Secret = strings.Repeat("a", 32)
 	err = cfg.Validate()
 	if err != nil {
 		t.Fatalf("Validate() should accept 32-byte secret: %v", err)
 	}
 }
 func TestValidateConfigErrors(t *testing.T) {
 	buildValid := func(t *testing.T) *Config {
 		t.Helper()
-		viper.Reset()
+		resetViperWithJWTSecret(t)
 		cfg, err := Load()
 		if err != nil {
 			t.Fatalf("Load() error: %v", err)
@@ -582,6 +771,26 @@ func TestValidateConfigErrors(t *testing.T) {
 		mutate  func(*Config)
 		wantErr string
 	}{
 		{
 			name:    "jwt secret required",
 			mutate:  func(c *Config) { c.JWT.Secret = "" },
 			wantErr: "jwt.secret is required",
 		},
 		{
 			name:    "jwt secret min bytes",
 			mutate:  func(c *Config) { c.JWT.Secret = strings.Repeat("a", 31) },
 			wantErr: "jwt.secret must be at least 32 bytes",
 		},
 		{
 			name:    "subscription maintenance worker_count non-negative",
 			mutate:  func(c *Config) { c.SubscriptionMaintenance.WorkerCount = -1 },
 			wantErr: "subscription_maintenance.worker_count",
 		},
 		{
 			name:    "subscription maintenance queue_size non-negative",
 			mutate:  func(c *Config) { c.SubscriptionMaintenance.QueueSize = -1 },
 			wantErr: "subscription_maintenance.queue_size",
 		},
 		{
 			name:    "jwt expire hour positive",
 			mutate:  func(c *Config) { c.JWT.ExpireHour = 0 },
@@ -592,6 +801,11 @@ func TestValidateConfigErrors(t *testing.T) {
 			mutate:  func(c *Config) { c.JWT.ExpireHour = 200 },
 			wantErr: "jwt.expire_hour must be <= 168",
 		},
 		{
 			name:    "jwt access token expire minutes non-negative",
 			mutate:  func(c *Config) { c.JWT.AccessTokenExpireMinutes = -1 },
 			wantErr: "jwt.access_token_expire_minutes must be non-negative",
 		},
 		{
 			name:    "csp policy required",
 			mutate:  func(c *Config) { c.Security.CSP.Enabled = true; c.Security.CSP.Policy = "" },
@@ -799,6 +1013,84 @@ func TestValidateConfigErrors(t *testing.T) {
 			mutate:  func(c *Config) { c.Gateway.MaxLineSize = -1 },
 			wantErr: "gateway.max_line_size must be non-negative",
 		},
 		{
 			name:    "gateway usage record worker count",
 			mutate:  func(c *Config) { c.Gateway.UsageRecord.WorkerCount = 0 },
 			wantErr: "gateway.usage_record.worker_count",
 		},
 		{
 			name:    "gateway usage record queue size",
 			mutate:  func(c *Config) { c.Gateway.UsageRecord.QueueSize = 0 },
 			wantErr: "gateway.usage_record.queue_size",
 		},
 		{
 			name:    "gateway usage record timeout",
 			mutate:  func(c *Config) { c.Gateway.UsageRecord.TaskTimeoutSeconds = 0 },
 			wantErr: "gateway.usage_record.task_timeout_seconds",
 		},
 		{
 			name:    "gateway usage record overflow policy",
 			mutate:  func(c *Config) { c.Gateway.UsageRecord.OverflowPolicy = "invalid" },
 			wantErr: "gateway.usage_record.overflow_policy",
 		},
 		{
 			name:    "gateway usage record sample percent range",
 			mutate:  func(c *Config) { c.Gateway.UsageRecord.OverflowSamplePercent = 101 },
 			wantErr: "gateway.usage_record.overflow_sample_percent",
 		},
 		{
 			name: "gateway usage record sample percent required for sample policy",
 			mutate: func(c *Config) {
 				c.Gateway.UsageRecord.OverflowPolicy = UsageRecordOverflowPolicySample
 				c.Gateway.UsageRecord.OverflowSamplePercent = 0
 			},
 			wantErr: "gateway.usage_record.overflow_sample_percent must be positive",
 		},
 		{
 			name: "gateway usage record auto scale max gte min",
 			mutate: func(c *Config) {
 				c.Gateway.UsageRecord.AutoScaleMinWorkers = 256
 				c.Gateway.UsageRecord.AutoScaleMaxWorkers = 128
 			},
 			wantErr: "gateway.usage_record.auto_scale_max_workers",
 		},
 		{
 			name: "gateway usage record worker in auto scale range",
 			mutate: func(c *Config) {
 				c.Gateway.UsageRecord.AutoScaleMinWorkers = 200
 				c.Gateway.UsageRecord.AutoScaleMaxWorkers = 300
 				c.Gateway.UsageRecord.WorkerCount = 128
 			},
 			wantErr: "gateway.usage_record.worker_count must be between auto_scale_min_workers and auto_scale_max_workers",
 		},
 		{
 			name: "gateway usage record auto scale queue thresholds order",
 			mutate: func(c *Config) {
 				c.Gateway.UsageRecord.AutoScaleUpQueuePercent = 50
 				c.Gateway.UsageRecord.AutoScaleDownQueuePercent = 50
 			},
 			wantErr: "gateway.usage_record.auto_scale_down_queue_percent must be less",
 		},
 		{
 			name:    "gateway usage record auto scale up step",
 			mutate:  func(c *Config) { c.Gateway.UsageRecord.AutoScaleUpStep = 0 },
 			wantErr: "gateway.usage_record.auto_scale_up_step",
 		},
 		{
 			name:    "gateway usage record auto scale interval",
 			mutate:  func(c *Config) { c.Gateway.UsageRecord.AutoScaleCheckIntervalSeconds = 0 },
 			wantErr: "gateway.usage_record.auto_scale_check_interval_seconds",
 		},
 		{
 			name:    "gateway user group rate cache ttl",
 			mutate:  func(c *Config) { c.Gateway.UserGroupRateCacheTTLSeconds = 0 },
 			wantErr: "gateway.user_group_rate_cache_ttl_seconds",
 		},
 		{
 			name:    "gateway models list cache ttl range",
 			mutate:  func(c *Config) { c.Gateway.ModelsListCacheTTLSeconds = 31 },
 			wantErr: "gateway.models_list_cache_ttl_seconds",
 		},
 		{
 			name:    "gateway scheduling sticky waiting",
 			mutate:  func(c *Config) { c.Gateway.Scheduling.StickySessionMaxWaiting = 0 },
@@ -822,6 +1114,37 @@ func TestValidateConfigErrors(t *testing.T) {
 			},
 			wantErr: "gateway.scheduling.outbox_lag_rebuild_seconds",
 		},
 		{
 			name:    "log level invalid",
 			mutate:  func(c *Config) { c.Log.Level = "trace" },
 			wantErr: "log.level",
 		},
 		{
 			name:    "log format invalid",
 			mutate:  func(c *Config) { c.Log.Format = "plain" },
 			wantErr: "log.format",
 		},
 		{
 			name: "log output disabled",
 			mutate: func(c *Config) {
 				c.Log.Output.ToStdout = false
 				c.Log.Output.ToFile = false
 			},
 			wantErr: "log.output.to_stdout and log.output.to_file cannot both be false",
 		},
 		{
 			name:    "log rotation size",
 			mutate:  func(c *Config) { c.Log.Rotation.MaxSizeMB = 0 },
 			wantErr: "log.rotation.max_size_mb",
 		},
 		{
 			name: "log sampling enabled invalid",
 			mutate: func(c *Config) {
 				c.Log.Sampling.Enabled = true
 				c.Log.Sampling.Initial = 0
 			},
 			wantErr: "log.sampling.initial",
 		},
 		{
 			name:    "ops metrics collector ttl",
 			mutate:  func(c *Config) { c.Ops.MetricsCollectorCache.TTL = -1 },
@@ -850,3 +1173,234 @@ func TestValidateConfigErrors(t *testing.T) {
 		})
 	}
 }
 func TestValidateConfig_AutoScaleDisabledIgnoreAutoScaleFields(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	cfg.Gateway.UsageRecord.AutoScaleEnabled = false
 	cfg.Gateway.UsageRecord.WorkerCount = 64
 	// 自动扩缩容关闭时，这些字段应被忽略，不应导致校验失败。
 	cfg.Gateway.UsageRecord.AutoScaleMinWorkers = 0
 	cfg.Gateway.UsageRecord.AutoScaleMaxWorkers = 0
 	cfg.Gateway.UsageRecord.AutoScaleUpQueuePercent = 0
 	cfg.Gateway.UsageRecord.AutoScaleDownQueuePercent = 100
 	cfg.Gateway.UsageRecord.AutoScaleUpStep = 0
 	cfg.Gateway.UsageRecord.AutoScaleDownStep = 0
 	cfg.Gateway.UsageRecord.AutoScaleCheckIntervalSeconds = 0
 	cfg.Gateway.UsageRecord.AutoScaleCooldownSeconds = -1
 	if err := cfg.Validate(); err != nil {
 		t.Fatalf("Validate() should ignore auto scale fields when disabled: %v", err)
 	}
 }
 func TestValidateConfig_LogRequiredAndRotationBounds(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cases := []struct {
 		name    string
 		mutate  func(*Config)
 		wantErr string
 	}{
 		{
 			name: "log level required",
 			mutate: func(c *Config) {
 				c.Log.Level = ""
 			},
 			wantErr: "log.level is required",
 		},
 		{
 			name: "log format required",
 			mutate: func(c *Config) {
 				c.Log.Format = ""
 			},
 			wantErr: "log.format is required",
 		},
 		{
 			name: "log stacktrace required",
 			mutate: func(c *Config) {
 				c.Log.StacktraceLevel = ""
 			},
 			wantErr: "log.stacktrace_level is required",
 		},
 		{
 			name: "log max backups non-negative",
 			mutate: func(c *Config) {
 				c.Log.Rotation.MaxBackups = -1
 			},
 			wantErr: "log.rotation.max_backups must be non-negative",
 		},
 		{
 			name: "log max age non-negative",
 			mutate: func(c *Config) {
 				c.Log.Rotation.MaxAgeDays = -1
 			},
 			wantErr: "log.rotation.max_age_days must be non-negative",
 		},
 		{
 			name: "sampling thereafter non-negative when disabled",
 			mutate: func(c *Config) {
 				c.Log.Sampling.Enabled = false
 				c.Log.Sampling.Thereafter = -1
 			},
 			wantErr: "log.sampling.thereafter must be non-negative",
 		},
 	}
 	for _, tt := range cases {
 		t.Run(tt.name, func(t *testing.T) {
 			cfg, err := Load()
 			if err != nil {
 				t.Fatalf("Load() error: %v", err)
 			}
 			tt.mutate(cfg)
 			err = cfg.Validate()
 			if err == nil || !strings.Contains(err.Error(), tt.wantErr) {
 				t.Fatalf("Validate() error = %v, want %q", err, tt.wantErr)
 			}
 		})
 	}
 }
 func TestSoraCurlCFFISidecarDefaults(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	if !cfg.Sora.Client.CurlCFFISidecar.Enabled {
 		t.Fatalf("Sora curl_cffi sidecar should be enabled by default")
 	}
 	if cfg.Sora.Client.CloudflareChallengeCooldownSeconds <= 0 {
 		t.Fatalf("Sora cloudflare challenge cooldown should be positive by default")
 	}
 	if cfg.Sora.Client.CurlCFFISidecar.BaseURL == "" {
 		t.Fatalf("Sora curl_cffi sidecar base_url should not be empty by default")
 	}
 	if cfg.Sora.Client.CurlCFFISidecar.Impersonate == "" {
 		t.Fatalf("Sora curl_cffi sidecar impersonate should not be empty by default")
 	}
 	if !cfg.Sora.Client.CurlCFFISidecar.SessionReuseEnabled {
 		t.Fatalf("Sora curl_cffi sidecar session reuse should be enabled by default")
 	}
 	if cfg.Sora.Client.CurlCFFISidecar.SessionTTLSeconds <= 0 {
 		t.Fatalf("Sora curl_cffi sidecar session ttl should be positive by default")
 	}
 }
 func TestValidateSoraCurlCFFISidecarRequired(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	cfg.Sora.Client.CurlCFFISidecar.Enabled = false
 	err = cfg.Validate()
 	if err == nil || !strings.Contains(err.Error(), "sora.client.curl_cffi_sidecar.enabled must be true") {
 		t.Fatalf("Validate() error = %v, want sidecar enabled error", err)
 	}
 }
 func TestValidateSoraCurlCFFISidecarBaseURLRequired(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	cfg.Sora.Client.CurlCFFISidecar.BaseURL = "   "
 	err = cfg.Validate()
 	if err == nil || !strings.Contains(err.Error(), "sora.client.curl_cffi_sidecar.base_url is required") {
 		t.Fatalf("Validate() error = %v, want sidecar base_url required error", err)
 	}
 }
 func TestValidateSoraCurlCFFISidecarSessionTTLNonNegative(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	cfg.Sora.Client.CurlCFFISidecar.SessionTTLSeconds = -1
 	err = cfg.Validate()
 	if err == nil || !strings.Contains(err.Error(), "sora.client.curl_cffi_sidecar.session_ttl_seconds must be non-negative") {
 		t.Fatalf("Validate() error = %v, want sidecar session ttl error", err)
 	}
 }
 func TestValidateSoraCloudflareChallengeCooldownNonNegative(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	cfg.Sora.Client.CloudflareChallengeCooldownSeconds = -1
 	err = cfg.Validate()
 	if err == nil || !strings.Contains(err.Error(), "sora.client.cloudflare_challenge_cooldown_seconds must be non-negative") {
 		t.Fatalf("Validate() error = %v, want cloudflare cooldown error", err)
 	}
 }
 func TestLoad_DefaultGatewayUsageRecordConfig(t *testing.T) {
 	resetViperWithJWTSecret(t)
 	cfg, err := Load()
 	if err != nil {
 		t.Fatalf("Load() error: %v", err)
 	}
 	if cfg.Gateway.UsageRecord.WorkerCount != 128 {
 		t.Fatalf("worker_count = %d, want 128", cfg.Gateway.UsageRecord.WorkerCount)
 	}
 	if cfg.Gateway.UsageRecord.QueueSize != 16384 {
 		t.Fatalf("queue_size = %d, want 16384", cfg.Gateway.UsageRecord.QueueSize)
 	}
 	if cfg.Gateway.UsageRecord.TaskTimeoutSeconds != 5 {
 		t.Fatalf("task_timeout_seconds = %d, want 5", cfg.Gateway.UsageRecord.TaskTimeoutSeconds)
 	}
 	if cfg.Gateway.UsageRecord.OverflowPolicy != UsageRecordOverflowPolicySample {
 		t.Fatalf("overflow_policy = %s, want %s", cfg.Gateway.UsageRecord.OverflowPolicy, UsageRecordOverflowPolicySample)
 	}
 	if cfg.Gateway.UsageRecord.OverflowSamplePercent != 10 {
 		t.Fatalf("overflow_sample_percent = %d, want 10", cfg.Gateway.UsageRecord.OverflowSamplePercent)
 	}
 	if !cfg.Gateway.UsageRecord.AutoScaleEnabled {
 		t.Fatalf("auto_scale_enabled = false, want true")
 	}
 	if cfg.Gateway.UsageRecord.AutoScaleMinWorkers != 128 {
 		t.Fatalf("auto_scale_min_workers = %d, want 128", cfg.Gateway.UsageRecord.AutoScaleMinWorkers)
 	}
 	if cfg.Gateway.UsageRecord.AutoScaleMaxWorkers != 512 {
 		t.Fatalf("auto_scale_max_workers = %d, want 512", cfg.Gateway.UsageRecord.AutoScaleMaxWorkers)
 	}
 	if cfg.Gateway.UsageRecord.AutoScaleUpQueuePercent != 70 {
 		t.Fatalf("auto_scale_up_queue_percent = %d, want 70", cfg.Gateway.UsageRecord.AutoScaleUpQueuePercent)
 	}
 	if cfg.Gateway.UsageRecord.AutoScaleDownQueuePercent != 15 {
 		t.Fatalf("auto_scale_down_queue_percent = %d, want 15", cfg.Gateway.UsageRecord.AutoScaleDownQueuePercent)
 	}
 	if cfg.Gateway.UsageRecord.AutoScaleUpStep != 32 {
 		t.Fatalf("auto_scale_up_step = %d, want 32", cfg.Gateway.UsageRecord.AutoScaleUpStep)
 	}
 	if cfg.Gateway.UsageRecord.AutoScaleDownStep != 16 {
 		t.Fatalf("auto_scale_down_step = %d, want 16", cfg.Gateway.UsageRecord.AutoScaleDownStep)
 	}
 	if cfg.Gateway.UsageRecord.AutoScaleCheckIntervalSeconds != 3 {
 		t.Fatalf("auto_scale_check_interval_seconds = %d, want 3", cfg.Gateway.UsageRecord.AutoScaleCheckIntervalSeconds)
 	}
 	if cfg.Gateway.UsageRecord.AutoScaleCooldownSeconds != 10 {
 		t.Fatalf("auto_scale_cooldown_seconds = %d, want 10", cfg.Gateway.UsageRecord.AutoScaleCooldownSeconds)
 	}
 }
--- a/backend/internal/config/wire.go
+++ b/backend/internal/config/wire.go
@@ -9,5 +9,5 @@ var ProviderSet = wire.NewSet(
 // ProvideConfig 提供应用配置
 func ProvideConfig() (*Config, error) {
-	return Load()
+	return LoadForBootstrap()
 }
--- a/backend/internal/domain/announcement.go
+++ b/backend/internal/domain/announcement.go
@@ -0,0 +1,226 @@
 package domain
 import (
 	"strings"
 	"time"
 	infraerrors "github.com/Wei-Shaw/sub2api/internal/pkg/errors"
 )
 const (
 	AnnouncementStatusDraft    = "draft"
 	AnnouncementStatusActive   = "active"
 	AnnouncementStatusArchived = "archived"
 )
 const (
 	AnnouncementConditionTypeSubscription = "subscription"
 	AnnouncementConditionTypeBalance      = "balance"
 )
 const (
 	AnnouncementOperatorIn  = "in"
 	AnnouncementOperatorGT  = "gt"
 	AnnouncementOperatorGTE = "gte"
 	AnnouncementOperatorLT  = "lt"
 	AnnouncementOperatorLTE = "lte"
 	AnnouncementOperatorEQ  = "eq"
 )
 var (
 	ErrAnnouncementNotFound      = infraerrors.NotFound("ANNOUNCEMENT_NOT_FOUND", "announcement not found")
 	ErrAnnouncementInvalidTarget = infraerrors.BadRequest("ANNOUNCEMENT_INVALID_TARGET", "invalid announcement targeting rules")
 )
 type AnnouncementTargeting struct {
 	// AnyOf 表示 OR：任意一个条件组满足即可展示。
 	AnyOf []AnnouncementConditionGroup `json:"any_of,omitempty"`
 }
 type AnnouncementConditionGroup struct {
 	// AllOf 表示 AND：组内所有条件都满足才算命中该组。
 	AllOf []AnnouncementCondition `json:"all_of,omitempty"`
 }
 type AnnouncementCondition struct {
 	// Type: subscription | balance
 	Type string `json:"type"`
 	// Operator:
 	// - subscription: in
 	// - balance: gt/gte/lt/lte/eq
 	Operator string `json:"operator"`
 	// subscription 条件：匹配的订阅套餐（group_id）
 	GroupIDs []int64 `json:"group_ids,omitempty"`
 	// balance 条件：比较阈值
 	Value float64 `json:"value,omitempty"`
 }
 func (t AnnouncementTargeting) Matches(balance float64, activeSubscriptionGroupIDs map[int64]struct{}) bool {
 	// 空规则：展示给所有用户
 	if len(t.AnyOf) == 0 {
 		return true
 	}
 	for _, group := range t.AnyOf {
 		if len(group.AllOf) == 0 {
 			// 空条件组不命中（避免 OR 中出现无条件 “全命中”）
 			continue
 		}
 		allMatched := true
 		for _, cond := range group.AllOf {
 			if !cond.Matches(balance, activeSubscriptionGroupIDs) {
 				allMatched = false
 				break
 			}
 		}
 		if allMatched {
 			return true
 		}
 	}
 	return false
 }
 func (c AnnouncementCondition) Matches(balance float64, activeSubscriptionGroupIDs map[int64]struct{}) bool {
 	switch c.Type {
 	case AnnouncementConditionTypeSubscription:
 		if c.Operator != AnnouncementOperatorIn {
 			return false
 		}
 		if len(c.GroupIDs) == 0 {
 			return false
 		}
 		if len(activeSubscriptionGroupIDs) == 0 {
 			return false
 		}
 		for _, gid := range c.GroupIDs {
 			if _, ok := activeSubscriptionGroupIDs[gid]; ok {
 				return true
 			}
 		}
 		return false
 	case AnnouncementConditionTypeBalance:
 		switch c.Operator {
 		case AnnouncementOperatorGT:
 			return balance > c.Value
 		case AnnouncementOperatorGTE:
 			return balance >= c.Value
 		case AnnouncementOperatorLT:
 			return balance < c.Value
 		case AnnouncementOperatorLTE:
 			return balance <= c.Value
 		case AnnouncementOperatorEQ:
 			return balance == c.Value
 		default:
 			return false
 		}
 	default:
 		return false
 	}
 }
 func (t AnnouncementTargeting) NormalizeAndValidate() (AnnouncementTargeting, error) {
 	normalized := AnnouncementTargeting{AnyOf: make([]AnnouncementConditionGroup, 0, len(t.AnyOf))}
 	// 允许空 targeting（展示给所有用户）
 	if len(t.AnyOf) == 0 {
 		return normalized, nil
 	}
 	if len(t.AnyOf) > 50 {
 		return AnnouncementTargeting{}, ErrAnnouncementInvalidTarget
 	}
 	for _, g := range t.AnyOf {
 		if len(g.AllOf) == 0 {
 			return AnnouncementTargeting{}, ErrAnnouncementInvalidTarget
 		}
 		if len(g.AllOf) > 50 {
 			return AnnouncementTargeting{}, ErrAnnouncementInvalidTarget
 		}
 		group := AnnouncementConditionGroup{AllOf: make([]AnnouncementCondition, 0, len(g.AllOf))}
 		for _, c := range g.AllOf {
 			cond := AnnouncementCondition{
 				Type:     strings.TrimSpace(c.Type),
 				Operator: strings.TrimSpace(c.Operator),
 				Value:    c.Value,
 			}
 			for _, gid := range c.GroupIDs {
 				if gid <= 0 {
 					return AnnouncementTargeting{}, ErrAnnouncementInvalidTarget
 				}
 				cond.GroupIDs = append(cond.GroupIDs, gid)
 			}
 			if err := cond.validate(); err != nil {
 				return AnnouncementTargeting{}, err
 			}
 			group.AllOf = append(group.AllOf, cond)
 		}
 		normalized.AnyOf = append(normalized.AnyOf, group)
 	}
 	return normalized, nil
 }
 func (c AnnouncementCondition) validate() error {
 	switch c.Type {
 	case AnnouncementConditionTypeSubscription:
 		if c.Operator != AnnouncementOperatorIn {
 			return ErrAnnouncementInvalidTarget
 		}
 		if len(c.GroupIDs) == 0 {
 			return ErrAnnouncementInvalidTarget
 		}
 		return nil
 	case AnnouncementConditionTypeBalance:
 		switch c.Operator {
 		case AnnouncementOperatorGT, AnnouncementOperatorGTE, AnnouncementOperatorLT, AnnouncementOperatorLTE, AnnouncementOperatorEQ:
 			return nil
 		default:
 			return ErrAnnouncementInvalidTarget
 		}
 	default:
 		return ErrAnnouncementInvalidTarget
 	}
 }
 type Announcement struct {
 	ID        int64
 	Title     string
 	Content   string
 	Status    string
 	Targeting AnnouncementTargeting
 	StartsAt  *time.Time
 	EndsAt    *time.Time
 	CreatedBy *int64
 	UpdatedBy *int64
 	CreatedAt time.Time
 	UpdatedAt time.Time
 }
 func (a *Announcement) IsActiveAt(now time.Time) bool {
 	if a == nil {
 		return false
 	}
 	if a.Status != AnnouncementStatusActive {
 		return false
 	}
 	if a.StartsAt != nil && now.Before(*a.StartsAt) {
 		return false
 	}
 	if a.EndsAt != nil && !now.Before(*a.EndsAt) {
 		// ends_at 语义：到点即下线
 		return false
 	}
 	return true
 }
--- a/backend/internal/domain/constants.go
+++ b/backend/internal/domain/constants.go
@@ -0,0 +1,110 @@
 package domain
 // Status constants
 const (
 	StatusActive   = "active"
 	StatusDisabled = "disabled"
 	StatusError    = "error"
 	StatusUnused   = "unused"
 	StatusUsed     = "used"
 	StatusExpired  = "expired"
 )
 // Role constants
 const (
 	RoleAdmin = "admin"
 	RoleUser  = "user"
 )
 // Platform constants
 const (
 	PlatformAnthropic   = "anthropic"
 	PlatformOpenAI      = "openai"
 	PlatformGemini      = "gemini"
 	PlatformAntigravity = "antigravity"
 	PlatformSora        = "sora"
 )
 // Account type constants
 const (
 	AccountTypeOAuth      = "oauth"       // OAuth类型账号（full scope: profile + inference）
 	AccountTypeSetupToken = "setup-token" // Setup Token类型账号（inference only scope）
 	AccountTypeAPIKey     = "apikey"      // API Key类型账号
 	AccountTypeUpstream   = "upstream"    // 上游透传类型账号（通过 Base URL + API Key 连接上游）
 )
 // Redeem type constants
 const (
 	RedeemTypeBalance      = "balance"
 	RedeemTypeConcurrency  = "concurrency"
 	RedeemTypeSubscription = "subscription"
 	RedeemTypeInvitation   = "invitation"
 )
 // PromoCode status constants
 const (
 	PromoCodeStatusActive   = "active"
 	PromoCodeStatusDisabled = "disabled"
 )
 // Admin adjustment type constants
 const (
 	AdjustmentTypeAdminBalance     = "admin_balance"     // 管理员调整余额
 	AdjustmentTypeAdminConcurrency = "admin_concurrency" // 管理员调整并发数
 )
 // Group subscription type constants
 const (
 	SubscriptionTypeStandard     = "standard"     // 标准计费模式（按余额扣费）
 	SubscriptionTypeSubscription = "subscription" // 订阅模式（按限额控制）
 )
 // Subscription status constants
 const (
 	SubscriptionStatusActive    = "active"
 	SubscriptionStatusExpired   = "expired"
 	SubscriptionStatusSuspended = "suspended"
 )
 // DefaultAntigravityModelMapping 是 Antigravity 平台的默认模型映射
 // 当账号未配置 model_mapping 时使用此默认值
 // 与前端 useModelWhitelist.ts 中的 antigravityDefaultMappings 保持一致
 var DefaultAntigravityModelMapping = map[string]string{
 	// Claude 白名单
 	"claude-opus-4-6-thinking":   "claude-opus-4-6-thinking", // 官方模型
 	"claude-opus-4-6":            "claude-opus-4-6-thinking", // 简称映射
 	"claude-opus-4-5-thinking":   "claude-opus-4-6-thinking", // 迁移旧模型
 	"claude-sonnet-4-6":          "claude-sonnet-4-6",
 	"claude-sonnet-4-5":          "claude-sonnet-4-5",
 	"claude-sonnet-4-5-thinking": "claude-sonnet-4-5-thinking",
 	// Claude 详细版本 ID 映射
 	"claude-opus-4-5-20251101":   "claude-opus-4-6-thinking", // 迁移旧模型
 	"claude-sonnet-4-5-20250929": "claude-sonnet-4-5",
 	// Claude Haiku → Sonnet（无 Haiku 支持）
 	"claude-haiku-4-5":          "claude-sonnet-4-5",
 	"claude-haiku-4-5-20251001": "claude-sonnet-4-5",
 	// Gemini 2.5 白名单
 	"gemini-2.5-flash":          "gemini-2.5-flash",
 	"gemini-2.5-flash-lite":     "gemini-2.5-flash-lite",
 	"gemini-2.5-flash-thinking": "gemini-2.5-flash-thinking",
 	"gemini-2.5-pro":            "gemini-2.5-pro",
 	// Gemini 3 白名单
 	"gemini-3-flash":    "gemini-3-flash",
 	"gemini-3-pro-high": "gemini-3-pro-high",
 	"gemini-3-pro-low":  "gemini-3-pro-low",
 	// Gemini 3 preview 映射
 	"gemini-3-flash-preview": "gemini-3-flash",
 	"gemini-3-pro-preview":   "gemini-3-pro-high",
 	// Gemini 3.1 白名单
 	"gemini-3.1-pro-high": "gemini-3.1-pro-high",
 	"gemini-3.1-pro-low":  "gemini-3.1-pro-low",
 	// Gemini 3.1 preview 映射
 	"gemini-3.1-pro-preview": "gemini-3.1-pro-high",
 	// Gemini 3.1 image 白名单
 	"gemini-3.1-flash-image": "gemini-3.1-flash-image",
 	// Gemini 3.1 image preview 映射
 	"gemini-3.1-flash-image-preview": "gemini-3.1-flash-image",
 	// 其他官方模型
 	"gpt-oss-120b-medium":    "gpt-oss-120b-medium",
 	"tab_flash_lite_preview": "tab_flash_lite_preview",
 }
--- a/backend/internal/handler/admin/account_data.go
+++ b/backend/internal/handler/admin/account_data.go
@@ -0,0 +1,550 @@
 package admin
 import (
 	"context"
 	"errors"
 	"fmt"
 	"strconv"
 	"strings"
 	"time"
 	"github.com/Wei-Shaw/sub2api/internal/pkg/response"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 	"github.com/gin-gonic/gin"
 )
 const (
 	dataType       = "sub2api-data"
 	legacyDataType = "sub2api-bundle"
 	dataVersion    = 1
 	dataPageCap    = 1000
 )
 type DataPayload struct {
 	Type       string        `json:"type,omitempty"`
 	Version    int           `json:"version,omitempty"`
 	ExportedAt string        `json:"exported_at"`
 	Proxies    []DataProxy   `json:"proxies"`
 	Accounts   []DataAccount `json:"accounts"`
 }
 type DataProxy struct {
 	ProxyKey string `json:"proxy_key"`
 	Name     string `json:"name"`
 	Protocol string `json:"protocol"`
 	Host     string `json:"host"`
 	Port     int    `json:"port"`
 	Username string `json:"username,omitempty"`
 	Password string `json:"password,omitempty"`
 	Status   string `json:"status"`
 }
 type DataAccount struct {
 	Name               string         `json:"name"`
 	Notes              *string        `json:"notes,omitempty"`
 	Platform           string         `json:"platform"`
 	Type               string         `json:"type"`
 	Credentials        map[string]any `json:"credentials"`
 	Extra              map[string]any `json:"extra,omitempty"`
 	ProxyKey           *string        `json:"proxy_key,omitempty"`
 	Concurrency        int            `json:"concurrency"`
 	Priority           int            `json:"priority"`
 	RateMultiplier     *float64       `json:"rate_multiplier,omitempty"`
 	ExpiresAt          *int64         `json:"expires_at,omitempty"`
 	AutoPauseOnExpired *bool          `json:"auto_pause_on_expired,omitempty"`
 }
 type DataImportRequest struct {
 	Data                 DataPayload `json:"data"`
 	SkipDefaultGroupBind *bool       `json:"skip_default_group_bind"`
 }
 type DataImportResult struct {
 	ProxyCreated   int               `json:"proxy_created"`
 	ProxyReused    int               `json:"proxy_reused"`
 	ProxyFailed    int               `json:"proxy_failed"`
 	AccountCreated int               `json:"account_created"`
 	AccountFailed  int               `json:"account_failed"`
 	Errors         []DataImportError `json:"errors,omitempty"`
 }
 type DataImportError struct {
 	Kind     string `json:"kind"`
 	Name     string `json:"name,omitempty"`
 	ProxyKey string `json:"proxy_key,omitempty"`
 	Message  string `json:"message"`
 }
 func buildProxyKey(protocol, host string, port int, username, password string) string {
 	return fmt.Sprintf("%s|%s|%d|%s|%s", strings.TrimSpace(protocol), strings.TrimSpace(host), port, strings.TrimSpace(username), strings.TrimSpace(password))
 }
 func (h *AccountHandler) ExportData(c *gin.Context) {
 	ctx := c.Request.Context()
 	selectedIDs, err := parseAccountIDs(c)
 	if err != nil {
 		response.BadRequest(c, err.Error())
 		return
 	}
 	accounts, err := h.resolveExportAccounts(ctx, selectedIDs, c)
 	if err != nil {
 		response.ErrorFrom(c, err)
 		return
 	}
 	includeProxies, err := parseIncludeProxies(c)
 	if err != nil {
 		response.BadRequest(c, err.Error())
 		return
 	}
 	var proxies []service.Proxy
 	if includeProxies {
 		proxies, err = h.resolveExportProxies(ctx, accounts)
 		if err != nil {
 			response.ErrorFrom(c, err)
 			return
 		}
 	} else {
 		proxies = []service.Proxy{}
 	}
 	proxyKeyByID := make(map[int64]string, len(proxies))
 	dataProxies := make([]DataProxy, 0, len(proxies))
 	for i := range proxies {
 		p := proxies[i]
 		key := buildProxyKey(p.Protocol, p.Host, p.Port, p.Username, p.Password)
 		proxyKeyByID[p.ID] = key
 		dataProxies = append(dataProxies, DataProxy{
 			ProxyKey: key,
 			Name:     p.Name,
 			Protocol: p.Protocol,
 			Host:     p.Host,
 			Port:     p.Port,
 			Username: p.Username,
 			Password: p.Password,
 			Status:   p.Status,
 		})
 	}
 	dataAccounts := make([]DataAccount, 0, len(accounts))
 	for i := range accounts {
 		acc := accounts[i]
 		var proxyKey *string
 		if acc.ProxyID != nil {
 			if key, ok := proxyKeyByID[*acc.ProxyID]; ok {
 				proxyKey = &key
 			}
 		}
 		var expiresAt *int64
 		if acc.ExpiresAt != nil {
 			v := acc.ExpiresAt.Unix()
 			expiresAt = &v
 		}
 		dataAccounts = append(dataAccounts, DataAccount{
 			Name:               acc.Name,
 			Notes:              acc.Notes,
 			Platform:           acc.Platform,
 			Type:               acc.Type,
 			Credentials:        acc.Credentials,
 			Extra:              acc.Extra,
 			ProxyKey:           proxyKey,
 			Concurrency:        acc.Concurrency,
 			Priority:           acc.Priority,
 			RateMultiplier:     acc.RateMultiplier,
 			ExpiresAt:          expiresAt,
 			AutoPauseOnExpired: &acc.AutoPauseOnExpired,
 		})
 	}
 	payload := DataPayload{
 		ExportedAt: time.Now().UTC().Format(time.RFC3339),
 		Proxies:    dataProxies,
 		Accounts:   dataAccounts,
 	}
 	response.Success(c, payload)
 }
 func (h *AccountHandler) ImportData(c *gin.Context) {
 	var req DataImportRequest
 	if err := c.ShouldBindJSON(&req); err != nil {
 		response.BadRequest(c, "Invalid request: "+err.Error())
 		return
 	}
 	if err := validateDataHeader(req.Data); err != nil {
 		response.BadRequest(c, err.Error())
 		return
 	}
 	executeAdminIdempotentJSON(c, "admin.accounts.import_data", req, service.DefaultWriteIdempotencyTTL(), func(ctx context.Context) (any, error) {
 		return h.importData(ctx, req)
 	})
 }
 func (h *AccountHandler) importData(ctx context.Context, req DataImportRequest) (DataImportResult, error) {
 	skipDefaultGroupBind := true
 	if req.SkipDefaultGroupBind != nil {
 		skipDefaultGroupBind = *req.SkipDefaultGroupBind
 	}
 	dataPayload := req.Data
 	result := DataImportResult{}
 	existingProxies, err := h.listAllProxies(ctx)
 	if err != nil {
 		return result, err
 	}
 	proxyKeyToID := make(map[string]int64, len(existingProxies))
 	for i := range existingProxies {
 		p := existingProxies[i]
 		key := buildProxyKey(p.Protocol, p.Host, p.Port, p.Username, p.Password)
 		proxyKeyToID[key] = p.ID
 	}
 	for i := range dataPayload.Proxies {
 		item := dataPayload.Proxies[i]
 		key := item.ProxyKey
 		if key == "" {
 			key = buildProxyKey(item.Protocol, item.Host, item.Port, item.Username, item.Password)
 		}
 		if err := validateDataProxy(item); err != nil {
 			result.ProxyFailed++
 			result.Errors = append(result.Errors, DataImportError{
 				Kind:     "proxy",
 				Name:     item.Name,
 				ProxyKey: key,
 				Message:  err.Error(),
 			})
 			continue
 		}
 		normalizedStatus := normalizeProxyStatus(item.Status)
 		if existingID, ok := proxyKeyToID[key]; ok {
 			proxyKeyToID[key] = existingID
 			result.ProxyReused++
 			if normalizedStatus != "" {
 				if proxy, getErr := h.adminService.GetProxy(ctx, existingID); getErr == nil && proxy != nil && proxy.Status != normalizedStatus {
 					_, _ = h.adminService.UpdateProxy(ctx, existingID, &service.UpdateProxyInput{
 						Status: normalizedStatus,
 					})
 				}
 			}
 			continue
 		}
 		created, createErr := h.adminService.CreateProxy(ctx, &service.CreateProxyInput{
 			Name:     defaultProxyName(item.Name),
 			Protocol: item.Protocol,
 			Host:     item.Host,
 			Port:     item.Port,
 			Username: item.Username,
 			Password: item.Password,
 		})
 		if createErr != nil {
 			result.ProxyFailed++
 			result.Errors = append(result.Errors, DataImportError{
 				Kind:     "proxy",
 				Name:     item.Name,
 				ProxyKey: key,
 				Message:  createErr.Error(),
 			})
 			continue
 		}
 		proxyKeyToID[key] = created.ID
 		result.ProxyCreated++
 		if normalizedStatus != "" && normalizedStatus != created.Status {
 			_, _ = h.adminService.UpdateProxy(ctx, created.ID, &service.UpdateProxyInput{
 				Status: normalizedStatus,
 			})
 		}
 	}
 	for i := range dataPayload.Accounts {
 		item := dataPayload.Accounts[i]
 		if err := validateDataAccount(item); err != nil {
 			result.AccountFailed++
 			result.Errors = append(result.Errors, DataImportError{
 				Kind:    "account",
 				Name:    item.Name,
 				Message: err.Error(),
 			})
 			continue
 		}
 		var proxyID *int64
 		if item.ProxyKey != nil && *item.ProxyKey != "" {
 			if id, ok := proxyKeyToID[*item.ProxyKey]; ok {
 				proxyID = &id
 			} else {
 				result.AccountFailed++
 				result.Errors = append(result.Errors, DataImportError{
 					Kind:     "account",
 					Name:     item.Name,
 					ProxyKey: *item.ProxyKey,
 					Message:  "proxy_key not found",
 				})
 				continue
 			}
 		}
 		accountInput := &service.CreateAccountInput{
 			Name:                 item.Name,
 			Notes:                item.Notes,
 			Platform:             item.Platform,
 			Type:                 item.Type,
 			Credentials:          item.Credentials,
 			Extra:                item.Extra,
 			ProxyID:              proxyID,
 			Concurrency:          item.Concurrency,
 			Priority:             item.Priority,
 			RateMultiplier:       item.RateMultiplier,
 			GroupIDs:             nil,
 			ExpiresAt:            item.ExpiresAt,
 			AutoPauseOnExpired:   item.AutoPauseOnExpired,
 			SkipDefaultGroupBind: skipDefaultGroupBind,
 		}
 		if _, err := h.adminService.CreateAccount(ctx, accountInput); err != nil {
 			result.AccountFailed++
 			result.Errors = append(result.Errors, DataImportError{
 				Kind:    "account",
 				Name:    item.Name,
 				Message: err.Error(),
 			})
 			continue
 		}
 		result.AccountCreated++
 	}
 	return result, nil
 }
 func (h *AccountHandler) listAllProxies(ctx context.Context) ([]service.Proxy, error) {
 	page := 1
 	pageSize := dataPageCap
 	var out []service.Proxy
 	for {
 		items, total, err := h.adminService.ListProxies(ctx, page, pageSize, "", "", "")
 		if err != nil {
 			return nil, err
 		}
 		out = append(out, items...)
 		if len(out) >= int(total) || len(items) == 0 {
 			break
 		}
 		page++
 	}
 	return out, nil
 }
 func (h *AccountHandler) listAccountsFiltered(ctx context.Context, platform, accountType, status, search string) ([]service.Account, error) {
 	page := 1
 	pageSize := dataPageCap
 	var out []service.Account
 	for {
 		items, total, err := h.adminService.ListAccounts(ctx, page, pageSize, platform, accountType, status, search, 0)
 		if err != nil {
 			return nil, err
 		}
 		out = append(out, items...)
 		if len(out) >= int(total) || len(items) == 0 {
 			break
 		}
 		page++
 	}
 	return out, nil
 }
 func (h *AccountHandler) resolveExportAccounts(ctx context.Context, ids []int64, c *gin.Context) ([]service.Account, error) {
 	if len(ids) > 0 {
 		accounts, err := h.adminService.GetAccountsByIDs(ctx, ids)
 		if err != nil {
 			return nil, err
 		}
 		out := make([]service.Account, 0, len(accounts))
 		for _, acc := range accounts {
 			if acc == nil {
 				continue
 			}
 			out = append(out, *acc)
 		}
 		return out, nil
 	}
 	platform := c.Query("platform")
 	accountType := c.Query("type")
 	status := c.Query("status")
 	search := strings.TrimSpace(c.Query("search"))
 	if len(search) > 100 {
 		search = search[:100]
 	}
 	return h.listAccountsFiltered(ctx, platform, accountType, status, search)
 }
 func (h *AccountHandler) resolveExportProxies(ctx context.Context, accounts []service.Account) ([]service.Proxy, error) {
 	if len(accounts) == 0 {
 		return []service.Proxy{}, nil
 	}
 	seen := make(map[int64]struct{})
 	ids := make([]int64, 0)
 	for i := range accounts {
 		if accounts[i].ProxyID == nil {
 			continue
 		}
 		id := *accounts[i].ProxyID
 		if id <= 0 {
 			continue
 		}
 		if _, ok := seen[id]; ok {
 			continue
 		}
 		seen[id] = struct{}{}
 		ids = append(ids, id)
 	}
 	if len(ids) == 0 {
 		return []service.Proxy{}, nil
 	}
 	return h.adminService.GetProxiesByIDs(ctx, ids)
 }
 func parseAccountIDs(c *gin.Context) ([]int64, error) {
 	values := c.QueryArray("ids")
 	if len(values) == 0 {
 		raw := strings.TrimSpace(c.Query("ids"))
 		if raw != "" {
 			values = []string{raw}
 		}
 	}
 	if len(values) == 0 {
 		return nil, nil
 	}
 	ids := make([]int64, 0, len(values))
 	for _, item := range values {
 		for _, part := range strings.Split(item, ",") {
 			part = strings.TrimSpace(part)
 			if part == "" {
 				continue
 			}
 			id, err := strconv.ParseInt(part, 10, 64)
 			if err != nil || id <= 0 {
 				return nil, fmt.Errorf("invalid account id: %s", part)
 			}
 			ids = append(ids, id)
 		}
 	}
 	return ids, nil
 }
 func parseIncludeProxies(c *gin.Context) (bool, error) {
 	raw := strings.TrimSpace(strings.ToLower(c.Query("include_proxies")))
 	if raw == "" {
 		return true, nil
 	}
 	switch raw {
 	case "1", "true", "yes", "on":
 		return true, nil
 	case "0", "false", "no", "off":
 		return false, nil
 	default:
 		return true, fmt.Errorf("invalid include_proxies value: %s", raw)
 	}
 }
 func validateDataHeader(payload DataPayload) error {
 	if payload.Type != "" && payload.Type != dataType && payload.Type != legacyDataType {
 		return fmt.Errorf("unsupported data type: %s", payload.Type)
 	}
 	if payload.Version != 0 && payload.Version != dataVersion {
 		return fmt.Errorf("unsupported data version: %d", payload.Version)
 	}
 	if payload.Proxies == nil {
 		return errors.New("proxies is required")
 	}
 	if payload.Accounts == nil {
 		return errors.New("accounts is required")
 	}
 	return nil
 }
 func validateDataProxy(item DataProxy) error {
 	if strings.TrimSpace(item.Protocol) == "" {
 		return errors.New("proxy protocol is required")
 	}
 	if strings.TrimSpace(item.Host) == "" {
 		return errors.New("proxy host is required")
 	}
 	if item.Port <= 0 || item.Port > 65535 {
 		return errors.New("proxy port is invalid")
 	}
 	switch item.Protocol {
 	case "http", "https", "socks5", "socks5h":
 	default:
 		return fmt.Errorf("proxy protocol is invalid: %s", item.Protocol)
 	}
 	if item.Status != "" {
 		normalizedStatus := normalizeProxyStatus(item.Status)
 		if normalizedStatus != service.StatusActive && normalizedStatus != "inactive" {
 			return fmt.Errorf("proxy status is invalid: %s", item.Status)
 		}
 	}
 	return nil
 }
 func validateDataAccount(item DataAccount) error {
 	if strings.TrimSpace(item.Name) == "" {
 		return errors.New("account name is required")
 	}
 	if strings.TrimSpace(item.Platform) == "" {
 		return errors.New("account platform is required")
 	}
 	if strings.TrimSpace(item.Type) == "" {
 		return errors.New("account type is required")
 	}
 	if len(item.Credentials) == 0 {
 		return errors.New("account credentials is required")
 	}
 	switch item.Type {
 	case service.AccountTypeOAuth, service.AccountTypeSetupToken, service.AccountTypeAPIKey, service.AccountTypeUpstream:
 	default:
 		return fmt.Errorf("account type is invalid: %s", item.Type)
 	}
 	if item.RateMultiplier != nil && *item.RateMultiplier < 0 {
 		return errors.New("rate_multiplier must be >= 0")
 	}
 	if item.Concurrency < 0 {
 		return errors.New("concurrency must be >= 0")
 	}
 	if item.Priority < 0 {
 		return errors.New("priority must be >= 0")
 	}
 	return nil
 }
 func defaultProxyName(name string) string {
 	if strings.TrimSpace(name) == "" {
 		return "imported-proxy"
 	}
 	return name
 }
 func normalizeProxyStatus(status string) string {
 	normalized := strings.TrimSpace(strings.ToLower(status))
 	switch normalized {
 	case "":
 		return ""
 	case service.StatusActive:
 		return service.StatusActive
 	case "inactive", service.StatusDisabled:
 		return "inactive"
 	default:
 		return normalized
 	}
 }
--- a/backend/internal/handler/admin/account_data_handler_test.go
+++ b/backend/internal/handler/admin/account_data_handler_test.go
@@ -0,0 +1,231 @@
 package admin
 import (
 	"bytes"
 	"encoding/json"
 	"net/http"
 	"net/http/httptest"
 	"testing"
 	"github.com/Wei-Shaw/sub2api/internal/service"
 	"github.com/gin-gonic/gin"
 	"github.com/stretchr/testify/require"
 )
 type dataResponse struct {
 	Code int         `json:"code"`
 	Data dataPayload `json:"data"`
 }
 type dataPayload struct {
 	Type     string        `json:"type"`
 	Version  int           `json:"version"`
 	Proxies  []dataProxy   `json:"proxies"`
 	Accounts []dataAccount `json:"accounts"`
 }
 type dataProxy struct {
 	ProxyKey string `json:"proxy_key"`
 	Name     string `json:"name"`
 	Protocol string `json:"protocol"`
 	Host     string `json:"host"`
 	Port     int    `json:"port"`
 	Username string `json:"username"`
 	Password string `json:"password"`
 	Status   string `json:"status"`
 }
 type dataAccount struct {
 	Name        string         `json:"name"`
 	Platform    string         `json:"platform"`
 	Type        string         `json:"type"`
 	Credentials map[string]any `json:"credentials"`
 	Extra       map[string]any `json:"extra"`
 	ProxyKey    *string        `json:"proxy_key"`
 	Concurrency int            `json:"concurrency"`
 	Priority    int            `json:"priority"`
 }
 func setupAccountDataRouter() (*gin.Engine, *stubAdminService) {
 	gin.SetMode(gin.TestMode)
 	router := gin.New()
 	adminSvc := newStubAdminService()
 	h := NewAccountHandler(
 		adminSvc,
 		nil,
 		nil,
 		nil,
 		nil,
 		nil,
 		nil,
 		nil,
 		nil,
 		nil,
 		nil,
 		nil,
 	)
 	router.GET("/api/v1/admin/accounts/data", h.ExportData)
 	router.POST("/api/v1/admin/accounts/data", h.ImportData)
 	return router, adminSvc
 }
 func TestExportDataIncludesSecrets(t *testing.T) {
 	router, adminSvc := setupAccountDataRouter()
 	proxyID := int64(11)
 	adminSvc.proxies = []service.Proxy{
 		{
 			ID:       proxyID,
 			Name:     "proxy",
 			Protocol: "http",
 			Host:     "127.0.0.1",
 			Port:     8080,
 			Username: "user",
 			Password: "pass",
 			Status:   service.StatusActive,
 		},
 		{
 			ID:       12,
 			Name:     "orphan",
 			Protocol: "https",
 			Host:     "10.0.0.1",
 			Port:     443,
 			Username: "o",
 			Password: "p",
 			Status:   service.StatusActive,
 		},
 	}
 	adminSvc.accounts = []service.Account{
 		{
 			ID:          21,
 			Name:        "account",
 			Platform:    service.PlatformOpenAI,
 			Type:        service.AccountTypeOAuth,
 			Credentials: map[string]any{"token": "secret"},
 			Extra:       map[string]any{"note": "x"},
 			ProxyID:     &proxyID,
 			Concurrency: 3,
 			Priority:    50,
 			Status:      service.StatusDisabled,
 		},
 	}
 	rec := httptest.NewRecorder()
 	req := httptest.NewRequest(http.MethodGet, "/api/v1/admin/accounts/data", nil)
 	router.ServeHTTP(rec, req)
 	require.Equal(t, http.StatusOK, rec.Code)
 	var resp dataResponse
 	require.NoError(t, json.Unmarshal(rec.Body.Bytes(), &resp))
 	require.Equal(t, 0, resp.Code)
 	require.Empty(t, resp.Data.Type)
 	require.Equal(t, 0, resp.Data.Version)
 	require.Len(t, resp.Data.Proxies, 1)
 	require.Equal(t, "pass", resp.Data.Proxies[0].Password)
 	require.Len(t, resp.Data.Accounts, 1)
 	require.Equal(t, "secret", resp.Data.Accounts[0].Credentials["token"])
 }
 func TestExportDataWithoutProxies(t *testing.T) {
 	router, adminSvc := setupAccountDataRouter()
 	proxyID := int64(11)
 	adminSvc.proxies = []service.Proxy{
 		{
 			ID:       proxyID,
 			Name:     "proxy",
 			Protocol: "http",
 			Host:     "127.0.0.1",
 			Port:     8080,
 			Username: "user",
 			Password: "pass",
 			Status:   service.StatusActive,
 		},
 	}
 	adminSvc.accounts = []service.Account{
 		{
 			ID:          21,
 			Name:        "account",
 			Platform:    service.PlatformOpenAI,
 			Type:        service.AccountTypeOAuth,
 			Credentials: map[string]any{"token": "secret"},
 			ProxyID:     &proxyID,
 			Concurrency: 3,
 			Priority:    50,
 			Status:      service.StatusDisabled,
 		},
 	}
 	rec := httptest.NewRecorder()
 	req := httptest.NewRequest(http.MethodGet, "/api/v1/admin/accounts/data?include_proxies=false", nil)
 	router.ServeHTTP(rec, req)
 	require.Equal(t, http.StatusOK, rec.Code)
 	var resp dataResponse
 	require.NoError(t, json.Unmarshal(rec.Body.Bytes(), &resp))
 	require.Equal(t, 0, resp.Code)
 	require.Len(t, resp.Data.Proxies, 0)
 	require.Len(t, resp.Data.Accounts, 1)
 	require.Nil(t, resp.Data.Accounts[0].ProxyKey)
 }
 func TestImportDataReusesProxyAndSkipsDefaultGroup(t *testing.T) {
 	router, adminSvc := setupAccountDataRouter()
 	adminSvc.proxies = []service.Proxy{
 		{
 			ID:       1,
 			Name:     "proxy",
 			Protocol: "socks5",
 			Host:     "1.2.3.4",
 			Port:     1080,
 			Username: "u",
 			Password: "p",
 			Status:   service.StatusActive,
 		},
 	}
 	dataPayload := map[string]any{
 		"data": map[string]any{
 			"type":    dataType,
 			"version": dataVersion,
 			"proxies": []map[string]any{
 				{
 					"proxy_key": "socks5|1.2.3.4|1080|u|p",
 					"name":      "proxy",
 					"protocol":  "socks5",
 					"host":      "1.2.3.4",
 					"port":      1080,
 					"username":  "u",
 					"password":  "p",
 					"status":    "active",
 				},
 			},
 			"accounts": []map[string]any{
 				{
 					"name":        "acc",
 					"platform":    service.PlatformOpenAI,
 					"type":        service.AccountTypeOAuth,
 					"credentials": map[string]any{"token": "x"},
 					"proxy_key":   "socks5|1.2.3.4|1080|u|p",
 					"concurrency": 3,
 					"priority":    50,
 				},
 			},
 		},
 		"skip_default_group_bind": true,
 	}
 	body, _ := json.Marshal(dataPayload)
 	rec := httptest.NewRecorder()
 	req := httptest.NewRequest(http.MethodPost, "/api/v1/admin/accounts/data", bytes.NewReader(body))
 	req.Header.Set("Content-Type", "application/json")
 	router.ServeHTTP(rec, req)
 	require.Equal(t, http.StatusOK, rec.Code)
 	require.Len(t, adminSvc.createdProxies, 0)
 	require.Len(t, adminSvc.createdAccounts, 1)
 	require.True(t, adminSvc.createdAccounts[0].SkipDefaultGroupBind)
 }
--- a/Show More
+++ b/Show More