fix: fetch quota on manual refresh button click

[woai66]

Summary

• Fetch and cache quota data after manually refreshing a single account
• Honor quota=fresh on GET /auth/accounts by actively refreshing quotas for active accounts
• Add tls.disable_websocket config support and fix empty proxy_url handling for environments where WebSocket/proxy behavior needs to be controlled

Problem

After importing or adding accounts, the dashboard could show no quota usage until an account was actually used for a proxy request. Clicking the account refresh button only refreshed the OAuth token and checked health; it did not call the upstream Codex usage API. The top-level refresh button already requested ?quota=fresh, but the backend ignored that parameter.

Solution

• POST /auth/accounts/:id/refresh now fetches upstream usage via CodexApi.getUsage() after a successful token refresh and stores it via pool.updateCachedQuota().
• GET /auth/accounts?quota=fresh now refreshes quota for all active accounts before returning the account list.
• Quota fetch failures are logged per account but do not block health/list refresh responses.

Test Plan

• Built the web UI with npm run build:web
• Ran the server locally and imported 3 accounts
• Verified the single-account refresh button displays 5-hour / 7-day quota without needing proxy traffic first
• Verified the top-level refresh button refreshes quota data for all active accounts
• Built a Windows Electron package successfully with cd packages/electron && npm run build && npm run pack:win

[icebear0828]

Review notes:

这个 PR 目前我建议先不要合并，主要风险是它把一个现有代码刻意避开的路径重新加回来了。

现有 src/routes/accounts.ts 和 src/auth/health-check.ts 里已经有明确设计：RT exchange / health-check 只打 OAuth refresh endpoint，不要在刷新 RT 后马上请求 Codex /codex/usage，因为之前标注过这会触发 OpenAI risk detection / deactivation。

但这个 PR 在 POST /auth/accounts/:id/refresh 成功 probeAccount() 后马上 new CodexApi(...).getUsage()，等于手动 refresh 后立刻打 /codex/usage，风险比较高。

另外还有两个实现问题：

1. GET /auth/accounts?quota=fresh 对所有 active accounts 直接 Promise.allSettled(...getUsage())，没有并发限制；账号多时会瞬间 fan-out 到上游。
2. 账号列表接口会变成等待所有 upstream quota 请求完成的慢接口，fetchUsage 默认 15s timeout，dashboard 手动刷新体验可能会卡。

建议把 quota fresh 做成单独、受限、可选的路径，复用现有 quota refresher 的 concurrency / throttle 策略；不要挂在 token refresh 的同步路径后面。tls.disable_websocket 这部分也建议拆开或补完整设置入口和测试，尤其 implicit resume 依赖 WebSocket 支持 previous_response_id，禁用后的行为需要明确。

[icebear0828]

感谢 PR，但有几处需要先调整：

[P1] RT rotation 后立即调 /codex/usage 会触发 OpenAI 风控 — src/routes/accounts.ts:152-158
probeAccount 已经在前面做了 OAuth refresh / RT exchange，紧接着再发 GET /codex/usage 正是项目历史上明确避开的路径——这条组合会被 OpenAI risk detection 标记并停号。点一下刷新按钮就把好号烧了。需要把 usage 拉取改成不跟 RT exchange 串联，或者在 probe 已经做过 token rotation 时跳过。

[P2] WebSocket 禁用时 previous_response_id 续链断 — src/routes/responses.ts:604-608
tls.disable_websocket=true 时仍传 previous_response_id，但 CodexApi.createResponseViaHttp 会把它 strip 掉，请求静默变成新对话。要么保持 WS，要么显式禁用 continuation。

[P2] WS 禁用时 implicit resume 也要关 — src/routes/shared/proxy-handler.ts:325-329
同上，HTTP 模式下 implicit resume 还是 set previous_response_id 并 slice input → /v1/messages 续轮只发尾段 prompt 丢了历史。

[P3] TS no-any — src/routes/accounts.ts:147
let quota = null 被推成 any，违反项目 no-any 规则。标注成 ReturnType<typeof toQuota> | null。