[codex] refresh integration and settings docs for current UI and provider coverage

[cita-777]

This PR refreshes the public docs so they match the current Metapi product surface instead of the older, narrower documentation set.

Users were running into two kinds of drift. First, the upstream integration docs no longer reflected the real set of supported site types and entry points: CPA / cliproxyapi, official vendor presets such as Coding Plan / DeepSeek / Moonshot / MiniMax / ModelScope, AI request endpoint pools, and the dedicated OAuth management flow were either missing or underexplained. Second, the settings and K3s update-center docs still leaned too heavily on environment-variable explanations even though much of the real operator workflow has already moved into the web UI. That mismatch made the product feel harder to configure than it actually is, and it also caused the docs tone to drift away from the more user-facing style already used in the upstream integration guide.

This change updates the docs around the actual user journey. The upstream integration guide now keeps its tutorial-style structure and screenshots while expanding coverage for current platform types, CPA, vendor presets, OAuth entry points, AI request address pools, and the newer detection rules. A new OAuth guide explains the dedicated OAuth management page, supported providers, callback expectations, and the difference between provider authorization and ordinary site/API-key onboarding. The configuration docs now describe the real UI-first flow for ordinary users while still preserving the environment-variable details that matter for first boot, deployment-time setup, OAuth client overrides, and Deploy Helper wiring. The K3s update-center guide now makes the UI-vs-env split explicit, so operators know which fields belong in “Settings -> Update Center” and which ones still belong in service env or helper manifests.

The supporting docs and entry points were updated as well so the new pages are discoverable: the docs navigation, docs maintenance map, getting-started guide, FAQ, management API docs, docs index, README, and .env.example were brought in line with the expanded coverage.

Validation: npm run docs:build

Summary by CodeRabbit

• New Features

  • Added direct OAuth provider integration (Codex, Claude, Gemini CLI, Antigravity).
  • Official presets for multiple providers and an AI request address pool for flexible routing.

• Documentation

  • New OAuth management docs and nav entry; expanded upstream integration, configuration, FAQ, getting-started, and k3s update-center guidance.
  • Reworked config docs to clarify UI vs environment configuration and connection workflows.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds OAuth management documentation and management-API endpoints, restructures upstream integration guidance into three modes (panel aggregators, official presets, OAuth), updates multiple docs and site navigation, and extends .env.example with seven new environment variables including OAuth client credentials and SYSTEM_PROXY_URL.

Changes

Cohort / File(s)	Summary
Environment Configuration \.env.example	Added 7 environment variables: ACCOUNT_CREDENTIAL_SECRET, SYSTEM_PROXY_URL, and OAuth client credentials: CLAUDE_CLIENT_ID, CLAUDE_CLIENT_SECRET, CODEX_CLIENT_ID, GEMINI_CLI_CLIENT_ID, GEMINI_CLI_CLIENT_SECRET.
Root Documentation README.md	Reorganized upstream support into grouped categories (aggregation panels, compatibility endpoints, official presets, OAuth) and added links to upstream-integration and OAuth docs.
VitePress Nav / Sidebar docs/.vitepress/config.ts	Added "OAuth 管理" entry to top nav and to the “使用与运维” sidebar, pointing to /oauth.
Docs Index & Map docs/index.md, docs/README.md	Added OAuth management to feature list and content map; updated “上游平台选择与接法” to include official presets and AI 请求地址池.
Configuration Guidance docs/configuration.md	Rewrote configuration docs to a scenario-based “UI vs env” model, documented UI-managed notification/downstream key settings, and added first-start required env vars and links to OAuth management.
Getting Started Flow docs/getting-started.md	Split onboarding into three branches (panel-based, API-key/compat, OAuth), clarified AI 请求地址池 usage and presets behavior, adjusted step numbering and links to absolute doc paths.
Upstream & OAuth Docs docs/upstream-integration.md, docs/oauth.md (new)	Expanded upstream integration to three modes, added CPA/CLIProxyAPI guidance, introduced official presets, and added a new oauth.md describing providers, flows, callback modes, states, and management API routes.
Management API & FAQ docs/management-api.md, docs/faq.md	Documented new OAuth management endpoints (/api/oauth/*), optional initializationPresetId and apiEndpoints in site creation, and updated FAQ to include OAuth as an auth mode.
K3s / Update Center docs/k3s-update-center.md	Added UI vs env mapping for update-center and deploy-helper tokens; clarified deploy digest limitations and token placement.

Sequence Diagram(s)

sequenceDiagram
  participant User as "User / Admin"
  participant UI as "Management UI"
  participant API as "Management API"
  participant OAuth as "OAuth Provider"
  participant DB as "DB / Connections Store"

  rect rgba(200,200,255,0.5)
  User->>UI: Click "Start OAuth" (choose provider)
  UI->>API: POST /api/oauth/providers/:provider/start
  API->>OAuth: Redirect / Auth request
  end

  rect rgba(200,255,200,0.5)
  OAuth-->>User: Authorization page
  User->>OAuth: Grant access (consent)
  OAuth->>API: Redirect/Callback (state)
  API->>DB: Persist connection / tokens
  API->>UI: Notify success (session/state)
  UI->>User: Show connected account
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• docs: add management API guide #334 — Overlaps documentation and VitePress sidebar/nav changes around management API and OAuth docs; likely related edits to the same docs/navigation.

Suggested labels

size: L

Poem

🐰 I hopped through docs and env by night,
OAuth keys tucked in soft moonlight,
Panels, presets, and callbacks sing,
Connections bloom — a joyful spring! 🌙✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly references refreshing integration and settings documentation to match current UI and provider coverage, which aligns with the main objective of updating public docs for the current product surface.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/docs-coverage-refresh

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (3)

.env.example (2)

9-11: Add inline “required when enabled” hints for provider secrets

These keys are easy to misconfigure (e.g., Gemini requires both ID+secret; Claude secret has no fallback). A short inline note here would reduce setup errors.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.env.example around lines 9 - 11, Update the .env.example entries for
CLAUDE_CLIENT_SECRET, GEMINI_CLI_CLIENT_ID, and GEMMINI_CLI_CLIENT_SECRET (note:
variable names in the diff) to include short inline hints indicating they are
"required when enabled" and any provider-specific requirements (e.g., "Gemini
requires both ID + secret; Claude secret has no fallback") so users see
at-a-glance when each secret must be supplied.

---

7-11: Optional: reorder new keys to satisfy dotenv-linter ordering checks

Static analysis flags these additions as unordered. If lint cleanliness is required in CI, reorder keys per project convention.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.env.example around lines 7 - 11, The added environment keys
(CODEX_CLIENT_ID, CLAUDE_CLIENT_ID, CLAUDE_CLIENT_SECRET, GEMINI_CLI_CLIENT_ID,
GEMINI_CLI_CLIENT_SECRET) are out of order for the project's dotenv-linter;
reorder these entries to match the repository's .env key ordering convention
(e.g., alphabetical or the established grouping used in the file) so they pass
dotenv-linter checks, keeping the exact key names and any surrounding blank
lines intact.

docs/k3s-update-center.md (1)

374-374: 建议把“对齐的 token”改成明确变量名。

Line 374 可直接写成 DEPLOY_HELPER_TOKEN（含主服务别名 UPDATE_CENTER_HELPER_TOKEN）与 helper 侧 DEPLOY_HELPER_TOKEN 必须一致，减少歧义。

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/k3s-update-center.md` at line 374, 将文档中模糊的“对齐的 token”替换为明确的环境变量名，直接写成
DEPLOY_HELPER_TOKEN（并标注主服务的别名 UPDATE_CENTER_HELPER_TOKEN），并说明主服务与 helper
侧必须使用相同的 DEPLOY_HELPER_TOKEN
值以避免歧义；在涉及生成、配置或示例的部分明确指出两端变量名和一致性要求（DEPLOY_HELPER_TOKEN 与
UPDATE_CENTER_HELPER_TOKEN 对应且相同）。

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.env.example:
- Line 4: Update .env.example so ACCOUNT_CREDENTIAL_SECRET is not shipped empty
and clearly instructs developers to set a strong secret (do not leave blank);
explicitly replace the empty value with a placeholder like
ACCOUNT_CREDENTIAL_SECRET=REPLACE_WITH_STRONG_RANDOM_SECRET and a short note
that it must be a cryptographically-random secret (e.g., 32+ bytes) and must not
be re-used, because leaving it blank triggers the fallback in the config logic
(used by src/server/config.ts) which causes account credential encryption to
fall back to AUTH_TOKEN/hardcoded defaults and weakens security in
accountCredentialService.ts; ensure the example warns to generate the secret
securely and keep it out of source control.

In `@docs/upstream-integration.md`:
- Line 352: Change the two out-of-order headings "#### 当前内置预设" and the other
"#### ..." occurrence (the headings flagged at lines 352 and 382) from level 4
to level 3 to maintain proper markdown heading hierarchy (use "### 当前内置预设" and
the corresponding "### ..." for the other occurrence); update both heading
tokens so markdownlint MD001 no longer reports a heading level jump.

---

Nitpick comments:
In @.env.example:
- Around line 9-11: Update the .env.example entries for CLAUDE_CLIENT_SECRET,
GEMINI_CLI_CLIENT_ID, and GEMMINI_CLI_CLIENT_SECRET (note: variable names in the
diff) to include short inline hints indicating they are "required when enabled"
and any provider-specific requirements (e.g., "Gemini requires both ID + secret;
Claude secret has no fallback") so users see at-a-glance when each secret must
be supplied.
- Around line 7-11: The added environment keys (CODEX_CLIENT_ID,
CLAUDE_CLIENT_ID, CLAUDE_CLIENT_SECRET, GEMINI_CLI_CLIENT_ID,
GEMINI_CLI_CLIENT_SECRET) are out of order for the project's dotenv-linter;
reorder these entries to match the repository's .env key ordering convention
(e.g., alphabetical or the established grouping used in the file) so they pass
dotenv-linter checks, keeping the exact key names and any surrounding blank
lines intact.

In `@docs/k3s-update-center.md`:
- Line 374: 将文档中模糊的“对齐的 token”替换为明确的环境变量名，直接写成 DEPLOY_HELPER_TOKEN（并标注主服务的别名
UPDATE_CENTER_HELPER_TOKEN），并说明主服务与 helper 侧必须使用相同的 DEPLOY_HELPER_TOKEN
值以避免歧义；在涉及生成、配置或示例的部分明确指出两端变量名和一致性要求（DEPLOY_HELPER_TOKEN 与
UPDATE_CENTER_HELPER_TOKEN 对应且相同）。

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e554fa0a-2e1c-4080-8f02-a652d2e75c58

📥 Commits

Reviewing files that changed from the base of the PR and between 1407f75 and d03fd14.

📒 Files selected for processing (12)

• .env.example
• README.md
• docs/.vitepress/config.ts
• docs/README.md
• docs/configuration.md
• docs/faq.md
• docs/getting-started.md
• docs/index.md
• docs/k3s-update-center.md
• docs/management-api.md
• docs/oauth.md
• docs/upstream-integration.md

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.env.example (1)

6-13: Clarify OAuth credential requirements in the comment.

The comment states "Claude requires a client secret with no fallback" but all OAuth fields are left blank. This could confuse users about which credentials are truly required versus optional.

Consider rewording to make the requirement clearer:

💡 Suggested improvement

-# Optional OAuth overrides. Fill the matching credentials when an override is enabled; Claude requires a client secret with no fallback.
+# Optional OAuth provider credential overrides (see docs/oauth.md).
+# Claude: both CLAUDE_CLIENT_ID and CLAUDE_CLIENT_SECRET are required (no fallback).
+# Codex: only CODEX_CLIENT_ID is required.
+# Gemini CLI: both GEMINI_CLI_CLIENT_ID and GEMINI_CLI_CLIENT_SECRET are required together.
 CLAUDE_CLIENT_ID=
 CLAUDE_CLIENT_SECRET=
-# Codex OAuth override only needs CODEX_CLIENT_ID.
 CODEX_CLIENT_ID=
-# Gemini CLI override requires both GEMINI_CLI_CLIENT_ID and GEMINI_CLI_CLIENT_SECRET together.
 GEMINI_CLI_CLIENT_ID=
 GEMINI_CLI_CLIENT_SECRET=

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.env.example around lines 6 - 13, Update the .env.example comment to clearly
indicate which OAuth entries are optional vs required: explicitly mark
CLAUDE_CLIENT_ID and CLAUDE_CLIENT_SECRET as required when using Claude and note
that CLAUDE_CLIENT_SECRET has no fallback, mark CODEX_CLIENT_ID as
optional/only-needed for Codex override, and mark GEMINI_CLI_CLIENT_ID and
GEMINI_CLI_CLIENT_SECRET as a paired optional override for the Gemini CLI (both
required together). Reference the exact variable names CLAUDE_CLIENT_ID,
CLAUDE_CLIENT_SECRET, CODEX_CLIENT_ID, GEMINI_CLI_CLIENT_ID, and
GEMINI_CLI_CLIENT_SECRET in the updated comment and keep examples minimal so
users aren’t confused by blank entries.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/k3s-update-center.md`:
- Line 32: 将“这张对照表”改为更自然的量词搭配“这份对照表”：在 docs/k3s-update-center.md
中定位包含短语“建议先看下面这张对照表”的句子并替换为“建议先看下面这份对照表”，保持原句其他部分不变以改善读感和措辞准确性。

---

Nitpick comments:
In @.env.example:
- Around line 6-13: Update the .env.example comment to clearly indicate which
OAuth entries are optional vs required: explicitly mark CLAUDE_CLIENT_ID and
CLAUDE_CLIENT_SECRET as required when using Claude and note that
CLAUDE_CLIENT_SECRET has no fallback, mark CODEX_CLIENT_ID as
optional/only-needed for Codex override, and mark GEMINI_CLI_CLIENT_ID and
GEMINI_CLI_CLIENT_SECRET as a paired optional override for the Gemini CLI (both
required together). Reference the exact variable names CLAUDE_CLIENT_ID,
CLAUDE_CLIENT_SECRET, CODEX_CLIENT_ID, GEMINI_CLI_CLIENT_ID, and
GEMINI_CLI_CLIENT_SECRET in the updated comment and keep examples minimal so
users aren’t confused by blank entries.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 893ad598-1dc7-4d80-a812-442fd5cce2ab

📥 Commits

Reviewing files that changed from the base of the PR and between d03fd14 and ea5f8f0.

📒 Files selected for processing (3)

• .env.example
• docs/k3s-update-center.md
• docs/upstream-integration.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

措辞可再精确：将“这张对照表”改为“这份对照表”。

Line 32 的量词搭配略不自然，建议改成“建议先看下面这份对照表”，读感更顺。

🧰 Tools

🪛 LanguageTool

[uncategorized] ~32-~32: “张” 不能与 “对照表” 搭配，请更换量词。
Context: ...台页面、主服务环境变量、helper 部署清单三层配置，最容易混淆，建议先看下面这张对照表。 | 你要配什么 | 去哪里配 | 说明 | |------|------|...

(wa5)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/k3s-update-center.md` at line 32, 将“这张对照表”改为更自然的量词搭配“这份对照表”：在
docs/k3s-update-center.md
中定位包含短语“建议先看下面这张对照表”的句子并替换为“建议先看下面这份对照表”，保持原句其他部分不变以改善读感和措辞准确性。