feat: Add Web UI for account and quota management

## Summary
Add an optional Web UI for managing accounts and monitoring quotas.
WebUI is implemented as a modular plugin with minimal changes to server.js (only 5 lines added).

## New Features
- Dashboard: Real-time model quota visualization with Chart.js
- Accounts: OAuth-based account management (add/enable/disable/refresh/remove)
- Logs: Live server log streaming via SSE with search and level filtering
- Settings: System configuration with 4 tabs
  - Interface: Language (EN/zh_CN), polling interval, log buffer size, display options
  - Claude CLI: Proxy connection config, model selection, alias overrides (~/.claude.json)
  - Models: Model visibility and ordering management
  - Server Info: Runtime info and account config reload

## Technical Changes
- Add src/webui/index.js as modular plugin (all WebUI routes encapsulated)
- Add src/config.js for centralized configuration (~/.config/antigravity-proxy/config.json)
- Add authMiddleware for optional password protection (WEBUI_PASSWORD env var)
- Enhance logger with EventEmitter for SSE log streaming
- Make constants configurable via config.json
- Merge with main v1.2.6 (model fallback, cross-model thinking)
- server.js changes: only 5 lines added to import and mount WebUI module

## Bug Fixes
- Fix Alpine.js $watch error in settings-store.js (not supported in store init)
- Fix "OK" label to "SUCCESS" in logs filter
- Add saveSettings() calls to settings toggles for proper persistence
- Improve Claude CLI config robustness (handle empty/invalid JSON files)
- Add safety check for empty config.env in claude-config component
- Improve config.example.json instructions with clear Windows/macOS/Linux paths

## New Files
- src/webui/index.js - WebUI module with all API routes
- public/ - Complete Web UI frontend (Alpine.js + TailwindCSS + DaisyUI)
- src/config.js - Configuration management
- src/utils/claude-config.js - Claude CLI settings helper
- tests/frontend/ - Frontend test suite

## API Endpoints Added
- GET/POST /api/config - Server configuration
- GET/POST /api/claude/config - Claude CLI configuration
- POST /api/models/config - Model alias/hidden settings
- GET /api/accounts - Account list with status
- POST /api/accounts/:email/toggle - Enable/disable account
- POST /api/accounts/:email/refresh - Refresh account token
- DELETE /api/accounts/:email - Remove account
- GET /api/logs - Log history
- GET /api/logs/stream - Live log streaming (SSE)
- GET /api/auth/url - OAuth URL generation
- GET /oauth/callback - OAuth callback handler

## Backward Compatibility
- Default port remains 8080
- All existing CLI/API functionality unchanged
- WebUI is entirely optional
- Can be disabled by removing mountWebUI() call

src/utils/claude-config.js

@@ -0,0 +1,111 @@
+/**
+ * Claude CLI Configuration Utility
+ *
+ * Handles reading and writing to the global Claude CLI settings file.
+ * Location: ~/.claude/settings.json (Windows: %USERPROFILE%\.claude\settings.json)
+ */
+
+import fs from 'fs/promises';
+import path from 'path';
+import os from 'os';
+import { logger } from './logger.js';
+
+/**
+ * Get the path to the global Claude CLI settings file
+ * @returns {string} Absolute path to settings.json
+ */
+export function getClaudeConfigPath() {
+    return path.join(os.homedir(), '.claude', 'settings.json');
+}
+
+/**
+ * Read the global Claude CLI configuration
+ * @returns {Promise<Object>} The configuration object or empty object if file missing
+ */
+export async function readClaudeConfig() {
+    const configPath = getClaudeConfigPath();
+    try {
+        const content = await fs.readFile(configPath, 'utf8');
+        if (!content.trim()) return { env: {} };
+        return JSON.parse(content);
+    } catch (error) {
+        if (error.code === 'ENOENT') {
+            logger.warn(`[ClaudeConfig] Config file not found at ${configPath}, returning empty default`);
+            return { env: {} };
+        }
+        if (error instanceof SyntaxError) {
+            logger.error(`[ClaudeConfig] Invalid JSON in config at ${configPath}. Returning safe default.`);
+            return { env: {} };
+        }
+        logger.error(`[ClaudeConfig] Failed to read config at ${configPath}:`, error.message);
+        throw error;
+    }
+}
+
+/**
+ * Update the global Claude CLI configuration
+ * Performs a deep merge with existing configuration to avoid losing other settings.
+ *
+ * @param {Object} updates - The partial configuration to merge in
+ * @returns {Promise<Object>} The updated full configuration
+ */
+export async function updateClaudeConfig(updates) {
+    const configPath = getClaudeConfigPath();
+    let currentConfig = {};
+
+    // 1. Read existing config
+    try {
+        currentConfig = await readClaudeConfig();
+    } catch (error) {
+        // Ignore ENOENT, otherwise rethrow
+        if (error.code !== 'ENOENT') throw error;
+    }
+
+    // 2. Deep merge updates
+    const newConfig = deepMerge(currentConfig, updates);
+
+    // 3. Ensure .claude directory exists
+    const configDir = path.dirname(configPath);
+    try {
+        await fs.mkdir(configDir, { recursive: true });
+    } catch (error) {
+        // Ignore if exists
+    }
+
+    // 4. Write back to file
+    try {
+        await fs.writeFile(configPath, JSON.stringify(newConfig, null, 2), 'utf8');
+        logger.info(`[ClaudeConfig] Updated config at ${configPath}`);
+        return newConfig;
+    } catch (error) {
+        logger.error(`[ClaudeConfig] Failed to write config:`, error.message);
+        throw error;
+    }
+}
+
+/**
+ * Simple deep merge for objects
+ */
+function deepMerge(target, source) {
+    const output = { ...target };
+
+    if (isObject(target) && isObject(source)) {
+        Object.keys(source).forEach(key => {
+            if (isObject(source[key])) {
+                if (!(key in target)) {
+                    Object.assign(output, { [key]: source[key] });
+                } else {
+                    output[key] = deepMerge(target[key], source[key]);
+                }
+            } else {
+                Object.assign(output, { [key]: source[key] });
+            }
+        });
+    }
+
+    return output;
+}
+
+function isObject(item) {
+    return (item && typeof item === 'object' && !Array.isArray(item));
+}

src/utils/logger.js

@@ -1,15 +1,18 @@
 /**
  * Logger Utility
- * 
+ *
  * Provides structured logging with colors and debug support.
  * Simple ANSI codes used to avoid dependencies.
  */
 
+import { EventEmitter } from 'events';
+import util from 'util';
+
 const COLORS = {
     RESET: '\x1b[0m',
     BRIGHT: '\x1b[1m',
     DIM: '\x1b[2m',
-    
+
     RED: '\x1b[31m',
     GREEN: '\x1b[32m',
     YELLOW: '\x1b[33m',
@@ -20,14 +23,17 @@ const COLORS = {
     GRAY: '\x1b[90m'
 };
 
-class Logger {
+class Logger extends EventEmitter {
     constructor() {
+        super();
         this.isDebugEnabled = false;
+        this.history = [];
+        this.maxHistory = 1000;
     }
 
     /**
      * Set debug mode
-     * @param {boolean} enabled 
+     * @param {boolean} enabled
      */
     setDebug(enabled) {
         this.isDebugEnabled = !!enabled;
@@ -40,19 +46,44 @@ class Logger {
         return new Date().toISOString();
     }
 
+    /**
+     * Get log history
+     */
+    getHistory() {
+        return this.history;
+    }
+
     /**
      * Format and print a log message
-     * @param {string} level 
-     * @param {string} color 
-     * @param {string} message 
-     * @param  {...any} args 
+     * @param {string} level
+     * @param {string} color
+     * @param {string} message
+     * @param  {...any} args
      */
     print(level, color, message, ...args) {
         // Format: [TIMESTAMP] [LEVEL] Message
-        const timestamp = `${COLORS.GRAY}[${this.getTimestamp()}]${COLORS.RESET}`;
+        const timestampStr = this.getTimestamp();
+        const timestamp = `${COLORS.GRAY}[${timestampStr}]${COLORS.RESET}`;
         const levelTag = `${color}[${level}]${COLORS.RESET}`;
-        
-        console.log(`${timestamp} ${levelTag} ${message}`, ...args);
+
+        // Format the message with args similar to console.log
+        const formattedMessage = util.format(message, ...args);
+
+        console.log(`${timestamp} ${levelTag} ${formattedMessage}`);
+
+        // Store structured log
+        const logEntry = {
+            timestamp: timestampStr,
+            level,
+            message: formattedMessage
+        };
+
+        this.history.push(logEntry);
+        if (this.history.length > this.maxHistory) {
+            this.history.shift();
+        }
+
+        this.emit('log', logEntry);
     }
 
     /**
@@ -98,7 +129,7 @@ class Logger {
     log(message, ...args) {
         console.log(message, ...args);
     }
-    
+
     /**
      * Print a section header
      */

src/utils/retry.js

@@ -0,0 +1,161 @@
+/**
+ * Retry Utilities with Exponential Backoff
+ *
+ * Provides retry logic with exponential backoff and jitter
+ * to prevent thundering herd and optimize API quota usage.
+ */
+
+import { sleep } from './helpers.js';
+import { logger } from './logger.js';
+
+/**
+ * Calculate exponential backoff delay with jitter
+ *
+ * @param {number} attempt - Current attempt number (0-based)
+ * @param {number} baseMs - Base delay in milliseconds
+ * @param {number} maxMs - Maximum delay in milliseconds
+ * @returns {number} Delay in milliseconds
+ */
+export function calculateBackoff(attempt, baseMs = 1000, maxMs = 30000) {
+    // Exponential: baseMs * 2^attempt
+    const exponential = baseMs * Math.pow(2, attempt);
+
+    // Cap at max
+    const capped = Math.min(exponential, maxMs);
+
+    // Add random jitter (±25%) to prevent thundering herd
+    const jitter = capped * 0.25 * (Math.random() * 2 - 1);
+
+    return Math.floor(capped + jitter);
+}
+
+/**
+ * Retry a function with exponential backoff
+ *
+ * @param {Function} fn - Async function to retry (receives attempt number)
+ * @param {Object} options - Retry options
+ * @param {number} options.maxAttempts - Maximum number of attempts (default: 5)
+ * @param {number} options.baseMs - Base delay in milliseconds (default: 1000)
+ * @param {number} options.maxMs - Maximum delay in milliseconds (default: 30000)
+ * @param {Function} options.shouldRetry - Function to determine if error is retryable
+ * @param {Function} options.onRetry - Callback before each retry (error, attempt, backoffMs)
+ * @returns {Promise<any>} Result from fn
+ * @throws {Error} Last error if all attempts fail
+ */
+export async function retryWithBackoff(fn, options = {}) {
+    const {
+        maxAttempts = 5,
+        baseMs = 1000,
+        maxMs = 30000,
+        shouldRetry = () => true,
+        onRetry = null
+    } = options;
+
+    let lastError;
+
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
+        try {
+            return await fn(attempt);
+        } catch (error) {
+            lastError = error;
+
+            // Check if this is the last attempt
+            if (attempt === maxAttempts - 1) {
+                logger.debug(`[Retry] All ${maxAttempts} attempts exhausted`);
+                throw error;
+            }
+
+            // Check if error is retryable
+            if (!shouldRetry(error, attempt)) {
+                logger.debug(`[Retry] Error not retryable, aborting: ${error.message}`);
+                throw error;
+            }
+
+            // Calculate backoff
+            const backoffMs = calculateBackoff(attempt, baseMs, maxMs);
+            logger.debug(`[Retry] Attempt ${attempt + 1}/${maxAttempts} failed, retrying in ${backoffMs}ms`);
+
+            // Call onRetry callback
+            if (onRetry) {
+                await onRetry(error, attempt, backoffMs);
+            }
+
+            // Wait before retrying
+            await sleep(backoffMs);
+        }
+    }
+
+    // Should never reach here, but just in case
+    throw lastError;
+}
+
+/**
+ * Check if an error is retryable (5xx errors or network issues)
+ *
+ * @param {Error} error - Error to check
+ * @returns {boolean} True if error is retryable
+ */
+export function isRetryableError(error) {
+    const message = error.message?.toLowerCase() || '';
+
+    // Network errors
+    if (message.includes('econnrefused') ||
+        message.includes('econnreset') ||
+        message.includes('etimedout') ||
+        message.includes('network') ||
+        message.includes('fetch failed')) {
+        return true;
+    }
+
+    // 5xx server errors
+    if (message.includes('500') ||
+        message.includes('502') ||
+        message.includes('503') ||
+        message.includes('504')) {
+        return true;
+    }
+
+    // Rate limits (429) are retryable
+    if (message.includes('429') || message.includes('rate limit')) {
+        return true;
+    }
+
+    return false;
+}
+
+/**
+ * Check if an error is NOT retryable (4xx client errors except 429)
+ *
+ * @param {Error} error - Error to check
+ * @returns {boolean} True if error should not be retried
+ */
+export function isNonRetryableError(error) {
+    const message = error.message?.toLowerCase() || '';
+
+    // Authentication errors (401, 403)
+    if (message.includes('401') ||
+        message.includes('403') ||
+        message.includes('unauthorized') ||
+        message.includes('forbidden')) {
+        return true;
+    }
+
+    // Bad request (400)
+    if (message.includes('400') || message.includes('bad request')) {
+        return true;
+    }
+
+    // Not found (404)
+    if (message.includes('404') || message.includes('not found')) {
+        return true;
+    }
+
+    return false;
+}
+
+export default {
+    calculateBackoff,
+    retryWithBackoff,
+    isRetryableError,
+    isNonRetryableError
+};