docs: Authentication suggestion

pages/docs/features/model-integration/page.tsx

@@ -106,6 +106,32 @@ export default function ModelIntegration() {
 				</ul>
 			</div>
 
+			<h2 className="text-2xl font-bold mb-3">{t('model_integration.security')}</h2>
+
+			<div className="p-4 bg-yellow-50 dark:bg-yellow-900/20 border-l-4 border-yellow-500 mb-4">
+				<p className="text-sm font-semibold text-yellow-900 dark:text-yellow-200">
+					{t('model_integration.security_warning')}
+				</p>
+			</div>
+
+			<p className="text-gray-600 dark:text-gray-300 mb-4">
+				{t('model_integration.security_desc')}
+			</p>
+
+			<div className="p-4 bg-blue-50 dark:bg-blue-900/20 rounded-lg mb-6">
+				<h3 className="text-lg font-semibold mb-3 text-blue-900 dark:text-blue-300">
+					{t('model_integration.security_backend_proxy')}
+				</h3>
+				<p className="text-sm text-gray-600 dark:text-gray-300 mb-3">
+					{t('model_integration.security_backend_desc')}
+				</p>
+				<ul className="text-sm text-gray-600 dark:text-gray-300 space-y-1 list-none pl-0">
+					<li>{t('model_integration.security_method_1')}</li>
+					<li>{t('model_integration.security_method_2')}</li>
+					<li>{t('model_integration.security_method_3')}</li>
+				</ul>
+			</div>
+
 			<h2 className="text-2xl font-bold mb-3">{t('model_integration.configuration')}</h2>
 
 			<CodeEditor

pages/i18n/locales/en-US/docs.ts

@@ -141,6 +141,16 @@ export default {
 		tip_2:
 			"Non-OpenAI models don't guarantee JSON schema compliance—tool call may error but usually recovers. Higher temperature recommended",
 		tip_3: 'Small/nano models perform poorly',
+		security: '🔐 Production Authentication',
+		security_warning: '⚠️ Never commit real LLM API Keys to your frontend codebase',
+		security_desc:
+			'In production environments, to hide the real LLM API Keys, we recommend the following architecture:',
+		security_backend_proxy: 'Backend Proxy Pattern',
+		security_backend_desc:
+			'Set up a backend LLM proxy endpoint that uses the same authentication method as other APIs in your website, such as:',
+		security_method_1: '• Session/Cookie-based authentication',
+		security_method_2: '• OIDC (OpenID Connect) single sign-on',
+		security_method_3: '• Temporary Access Key or JWT Token',
 		configuration: 'Configuration',
 	},
 	custom_tools: {

pages/i18n/locales/zh-CN/docs.ts

@@ -113,7 +113,7 @@ export default {
 	},
 	model_integration: {
 		title: '模型接入',
-		subtitle: '当前支持符合 OpenAI 接口规范且支持 tool call 的模型，包括公有云服务和私有部署方案。',
+		subtitle: '当前支持符合 OpenAI 接口规范且支持 tool call 的模型,包括公有云服务和私有部署方案。',
 		recommended: '推荐模型',
 		model_gpt4_title: '⚡ gpt-4.1-mini',
 		model_gpt4_badge: '评估基准 ✅',
@@ -123,22 +123,31 @@ export default {
 		model_deepseek_title: '💰 DeepSeek-3.2',
 		model_deepseek_badge: '经济实惠',
 		model_deepseek_1: '• 价格远低于同等级其他模型',
-		model_deepseek_2: '• ToolCall 有出错率，通常能够自动修复',
+		model_deepseek_2: '• ToolCall 有出错率,通常能够自动修复',
 		model_deepseek_3: '• 本网站提供的免费试用为 DeepSeek',
 		model_qwen_title: '🛡️ qwen3',
 		model_qwen_badge: '安全合规',
-		model_qwen_1: '• 可控、效果尚可，价格合理',
-		model_qwen_2: '• ToolCall 有出错率，通常能够自动修复',
+		model_qwen_1: '• 可控、效果尚可,价格合理',
+		model_qwen_2: '• ToolCall 有出错率,通常能够自动修复',
 		model_qwen_3: '• 适合能给出详细步骤的场景',
 		model_gemini_title: '⚡ gemini-2.5-flash',
-		model_gemini_badge: '极其高效，成功率高，价格合理',
+		model_gemini_badge: '极其高效,成功率高,价格合理',
 		available: '可用模型',
 		available_verified: '✅ 已验证可用',
 		tips: '提示',
-		tip_1: 'reasoning 模型（如 GPT-5），速度偏慢，没有必要',
+		tip_1: 'reasoning 模型(如 GPT-5),速度偏慢,没有必要',
 		tip_2:
-			'不保证 json schema 的模型（openAI 以外的几乎所有模型），tool call 有概率出错，通常能自动修复，建议 temperature 设置高一些',
-		tip_3: '小模型、nano 模型，效果不佳',
+			'不保证 json schema 的模型(openAI 以外的几乎所有模型),tool call 有概率出错,通常能自动修复,建议 temperature 设置高一些',
+		tip_3: '小模型、nano 模型,效果不佳',
+		security: '🔐 生产环境鉴权建议',
+		security_warning: '⚠️ 永远不要把真实的 LLM API Key 发布到前端代码库',
+		security_desc: '在实际应用中,为了隐藏真实的 LLM API Key，建议采用以下架构:',
+		security_backend_proxy: '后端代理转发',
+		security_backend_desc:
+			'在后端搭建一个 LLM 流量转发接口,该接口使用与你网站上其他接口相同的鉴权方式,例如:',
+		security_method_1: '• Session/Cookie 会话认证',
+		security_method_2: '• OIDC (OpenID Connect) 单点登录',
+		security_method_3: '• 临时 Access Key 或 JWT Token',
 		configuration: '配置方式',
 	},
 	custom_tools: {