修复 /v1/messages 端点 x-api-key 认证逻辑：

- handleDirectMessages 读取客户端 x-api-key header
- getAnthropicHeaders 优先使用客户端 x-api-key，避免同时设置 x-api-key 和 authorization

transformers/request-anthropic.js

@@ -163,9 +163,6 @@ export function getAnthropicHeaders(authHeader, clientHeaders = {}, isStreaming
     'accept': 'application/json',
     'content-type': 'application/json',
     'anthropic-version': clientHeaders['anthropic-version'] || '2023-06-01',
-    // Prefer client-provided x-api-key for anthropic endpoint format
-    ...(clientHeaders['x-api-key'] ? { 'x-api-key': clientHeaders['x-api-key'] } : {}),
-    'authorization': authHeader || '',
     'x-api-provider': 'anthropic',
     'x-factory-client': 'cli',
     'x-session-id': sessionId,
@@ -175,6 +172,14 @@ export function getAnthropicHeaders(authHeader, clientHeaders = {}, isStreaming
     'connection': 'keep-alive'
   };
 
+  // Prefer client-provided x-api-key for anthropic endpoint format
+  if (clientHeaders['x-api-key']) {
+    headers['x-api-key'] = clientHeaders['x-api-key'];
+  } else if (authHeader) {
+    // If no client x-api-key, use authorization header (from FACTORY_API_KEY or refresh token)
+    headers['authorization'] = authHeader;
+  }
+
   // Handle anthropic-beta header based on reasoning configuration
   const reasoningLevel = modelId ? getModelReasoning(modelId) : null;
   let betaValues = [];