支持Anthropic端点客户端x-api-key：\n- /v1/messages读取x-api-key并优先作为客户端授权传递\n- getAnthropicHeaders转发x-api-key并透传anthropic-version\n- CORS允许X-API-Key与anthropic-version

routes.js

@@ -257,10 +257,13 @@ async function handleDirectResponses(req, res) {
 
     logInfo(`Direct forwarding to ${model.type} endpoint: ${endpoint.base_url}`);
 
-    // Get API key
+    // Get API key - support client x-api-key for anthropic endpoint
     let authHeader;
     try {
-      authHeader = await getApiKey(req.headers.authorization);
+      const clientAuthFromXApiKey = req.headers['x-api-key']
+        ? `Bearer ${req.headers['x-api-key']}`
+        : null;
+      authHeader = await getApiKey(req.headers.authorization || clientAuthFromXApiKey);
     } catch (error) {
       logError('Failed to get API key', error);
       return res.status(500).json({ 

server.js

@@ -12,7 +12,7 @@ app.use(express.urlencoded({ extended: true, limit: '50mb' }));
 app.use((req, res, next) => {
   res.header('Access-Control-Allow-Origin', '*');
   res.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
-  res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+  res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-API-Key, anthropic-version');
   
   if (req.method === 'OPTIONS') {
     return res.sendStatus(200);

transformers/request-anthropic.js

@@ -162,8 +162,9 @@ export function getAnthropicHeaders(authHeader, clientHeaders = {}, isStreaming
   const headers = {
     'accept': 'application/json',
     'content-type': 'application/json',
-    'anthropic-version': '2023-06-01',
-    'x-api-key': 'placeholder',
+    'anthropic-version': clientHeaders['anthropic-version'] || '2023-06-01',
+    // Prefer client-provided x-api-key for anthropic endpoint format
+    ...(clientHeaders['x-api-key'] ? { 'x-api-key': clientHeaders['x-api-key'] } : {}),
     'authorization': authHeader || '',
     'x-api-provider': 'anthropic',
     'x-factory-client': 'cli',