feat: 区分 Anthropic 5m/1h 缓存创建 token 的差异化计费 #3

	name: Security Scan

	on:
	push:
	pull_request:
	schedule:
	- cron: '0 3 * * 1'

	permissions:
	contents: read

	jobs:
	backend-security:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- name: Set up Go
	uses: actions/setup-go@v5
	with:
	go-version-file: backend/go.mod
	check-latest: false
	cache-dependency-path: backend/go.sum
	- name: Verify Go version
	run: \|
	go version \| grep -q 'go1.25.7'
	- name: Run govulncheck
	working-directory: backend
	run: \|
	go install golang.org/x/vuln/cmd/govulncheck@latest
	govulncheck ./...
	- name: Run gosec
	working-directory: backend
	run: \|
	go install github.com/securego/gosec/v2/cmd/gosec@latest
	gosec -conf .gosec.json -severity high -confidence high ./...

	frontend-security:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- name: Set up pnpm
	uses: pnpm/action-setup@v4
	with:
	version: 9
	- name: Set up Node.js
	uses: actions/setup-node@v4
	with:
	node-version: '20'
	cache: 'pnpm'
	cache-dependency-path: frontend/pnpm-lock.yaml
	- name: Install dependencies
	working-directory: frontend
	run: pnpm install --frozen-lockfile
	- name: Run pnpm audit
	working-directory: frontend
	run: \|
	pnpm audit --prod --audit-level=high --json > audit.json \|\| true
	- name: Check audit exceptions
	run: \|
	python tools/check_pnpm_audit_exceptions.py \
	--audit frontend/audit.json \
	--exceptions .github/audit-exceptions.yml

Provide feedback