From 2dab6de6a23fce96d123cca8aabdb0f62b6fe69e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9C=B1=E6=BD=AE?= <zhuchaowe@users.noreply.github.com>
Date: Fri, 26 Jun 2026 15:35:47 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AD=90=E8=B4=A6=E5=8F=B7=E5=88=97=E8=A1=A8/?=
 =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=8E=A5=E5=8F=A3=E5=8A=A0=20is=5Fsubaccount?=
 =?UTF-8?q?=3DTRUE=20=E8=BF=87=E6=BB=A4=EF=BC=8C=E9=81=BF=E5=85=8D?=
 =?UTF-8?q?=E6=8A=8A=E5=AE=A2=E6=88=B7=E8=B4=A6=E5=8F=B7=E4=B9=9F=E7=AE=97?=
 =?UTF-8?q?=E8=BF=9B=E5=8E=BB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 routes/bot_manager.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/routes/bot_manager.py b/routes/bot_manager.py
index 7b828db..a77fbe4 100644
--- a/routes/bot_manager.py
+++ b/routes/bot_manager.py
@@ -4327,10 +4327,11 @@ async def list_subaccounts(authorization: Optional[str] = Header(None)):
 
     async with pool.connection() as conn:
         async with conn.cursor() as cursor:
+            # 只查真正的子账号，排除客户账号（is_end_user=TRUE 的也挂在 parent_id 下）
             await cursor.execute("""
                 SELECT id, username, email, is_active, created_at, last_login
                 FROM agent_user
-                WHERE parent_id = %s
+                WHERE parent_id = %s AND is_subaccount = TRUE
                 ORDER BY created_at DESC
             """, (user_id,))
             rows = await cursor.fetchall()
@@ -4377,9 +4378,10 @@ async def delete_subaccount(
 
     async with pool.connection() as conn:
         async with conn.cursor() as cursor:
-            # 验证子账号属于当前用户
+            # 验证子账号属于当前用户（且确实是子账号，避免误删客户账号）
             await cursor.execute("""
-                SELECT parent_id FROM agent_user WHERE id = %s
+                SELECT parent_id FROM agent_user
+                WHERE id = %s AND is_subaccount = TRUE
             """, (subaccount_id,))
             row = await cursor.fetchone()