Skip to content

Improve Kimi Code usage reporting#1762

Open
Leechael wants to merge 9 commits into
steipete:mainfrom
Leechael:kimi-code-oauth-credentials
Open

Improve Kimi Code usage reporting#1762
Leechael wants to merge 9 commits into
steipete:mainfrom
Leechael:kimi-code-oauth-credentials

Conversation

@Leechael

@Leechael Leechael commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Summary

Improves Kimi Code usage reporting while keeping Kimi Code separate from Moonshot, Kimi K2, and generic Kimi API providers.

  • Reuses a fresh access token from ~/.kimi-code/credentials/kimi-code.json in auto mode and reports the active source; expired CLI-owned credentials remain read-only and require CLI re-authentication or an explicit API key.
  • Preserves Kimi quota windows and shows Session before Weekly.
  • Adds local Kimi Code wire.jsonl and Pi Kimi session usage behind settings toggles.
  • Keeps explicit API mode API-key only.
  • Keeps generic Pi provider kimi out of Kimi Code accounting; only Kimi Code-specific provider IDs qualify.
  • Preserves existing Pi cost-history behavior when callers omit source options.
  • Invalidates stale Pi cost caches after provider-attribution changes.

Maintainer audit

Exact head: ecc2ccecf

Rebased onto main at 129f6962e, including the landed #1797 cost-accounting/cache-invalidation work and the subsequent widget fix. Later unrelated mainline drift is intentionally preserved while the PR remains mergeable. Contributor authorship remains preserved across the rewritten stack, beginning at 021e5004c.

Maintainer fixes close eight correctness/security gaps found during review:

  1. CLI-owned Kimi OAuth bearer and refresh tokens are no longer forwarded when KIMI_CODE_BASE_URL, KIMI_CODE_OAUTH_HOST, or KIMI_OAUTH_HOST overrides are present. Endpoint overrides require an explicit API key.
  2. Generic Pi provider ID kimi is no longer attributed to Kimi Code.
  3. CostUsageSourceOptions() keeps the existing Pi-session default enabled; the new Kimi source remains disabled by default at the core API boundary. The Pi cache schema is bumped so old attribution is not reused.
  4. CLI-owned OAuth credentials are read-only. Fresh access tokens can be reused; expired credentials route to explicit Kimi CLI re-authentication/API-key remediation without mutating kimi-code.json, including on non-macOS CLI paths.
  5. Fresh CLI OAuth access tokens now send the same identity headers to both /coding/v1/usages and /coding/v1/models; explicit API keys remain unchanged.
  6. Weekly-only quota responses stay in the Weekly lane instead of being mislabeled as Session.
  7. The Kimi provider pane no longer mutates the global Pi session source. Pi analysis is exposed only as the correctly scoped General setting, while Kimi keeps its own provider-specific source toggle.
  8. An absent Kimi session preference is explicitly migrated and persisted as opt-in (false); an existing explicit choice remains unchanged.

CodexBar does not rewrite the CLI-owned credential payload, so unknown fields, permissions, and rotating refresh tokens remain exclusively owned by Kimi Code.

Upstream contract evidence

The implementation follows current official Kimi Code contracts at 62999caca3b56d865bb44f1f0336bff942765d94:

Current upstream records normal model calls as turn and real compaction model calls as session; both are additive usage. The scanner therefore correctly includes both scopes rather than dropping compaction cost.

Privacy and provider isolation

Local scanning aggregates token-usage records; CodexBar does not display raw prompts. Quota and plan data remain Kimi-sourced. Local model-cost values are estimates, not authoritative subscription billing. CLI credential reuse is disabled for custom API/OAuth hosts, preventing CLI-owned credentials from crossing origins.

Validation

Exact maintainer head: ecc2ccecf

  • exact-head focused Kimi and CLI suites: passed, 62 Swift Testing tests plus 23 XCTest tests;
  • exact-head make check: passed (SwiftFormat + strict SwiftLint);
  • exact-head full make test: passed, 44/44 shards;
  • structured autoreview: no accepted/actionable findings; one compatibility concern was rejected because the removed refresh symbols exist only on this unmerged branch and are absent from current origin/main;
  • exact-head ./Scripts/package_app.sh: passed; packaged CodexBar.app;
  • git diff --check origin/main...HEAD: passed;
  • exact-head GitHub CI: run 28527930896 was intentionally cancelled by maintainer coordination to release macOS runners after changes, lint, both Linux builds, and GitGuardian passed. All four macOS shards and the aggregate were cancelled; the run has no exact-head failure, but it is not terminal green. The superseded 74843fae4 run reached terminal 10/10 green after rerunning one macOS shard that hit the 35-minute infrastructure timeout.

A subsequent review found that Kimi wire.jsonl files could still auto-enable the global cost summary even though Kimi scanning defaults off. The fix and regression test are prepared locally at c630d484e; focused tests, make check, structured autoreview, 44/44 full shards, and packaging pass. It remains intentionally unpublished until the clear-wave runner-capacity gate is lifted, so the review thread and fresh exact-head CI remain outstanding.

No real Kimi Code credential, Kimi local sessions, or Pi Kimi session records are available in the authorized test environment. Therefore the API response shape, fresh CLI-credential reuse, expired-credential remediation, and rendered real-account values do not yet have exact live proof.

Landing decision

Recommendation: hold; do not merge yet. The file-ownership/security decision is resolved with read-only CLI credentials. Two gates remain:

  1. Publish and verify the opt-in fix. Push the locally prepared global-default regression fix only after runner capacity is released, reply to and resolve the review thread after publication, then obtain fresh exact-head terminal-green CI.
  2. Live proof. Exercise API-key usage, fresh OAuth reuse, expired-credential remediation, real Kimi Code wire.jsonl, and real Pi Kimi records; verify account identity/plan isolation and fetch latency with redacted output.

The prior #1797 overlap is resolved in this rewritten head. No changelog entry is included on the contributor branch; the maintainer should add one with contributor thanks only if the live proof gate is cleared and the PR is landed.

@clawsweeper

clawsweeper Bot commented Jun 26, 2026

Copy link
Copy Markdown

Codex review: needs real behavior proof before merge. Reviewed July 6, 2026, 10:38 AM ET / 14:38 UTC.

Summary
The PR adds Kimi Code OAuth credential reuse, Kimi and Pi local session cost scanning, Kimi usage presentation changes, settings toggles, CLI cost support, docs, cache invalidation, and tests.

Reproducibility: yes. for the source-level review findings: exact PR head shows disabled Kimi logs still trigger the global cost auto-default and docs still claim expired credential refresh. No for live behavior: no real Kimi credential or session data was provided.

Review metrics: 2 noteworthy metrics.

  • Diff surface: 40 files, +2201/-231. The PR spans auth, settings, cache schema, local scanners, CLI output, docs, and tests, so review needs more than fixture coverage.
  • Live Kimi proof: 0 real credential/session sources. The PR body says no real Kimi credential, Kimi session, or Pi Kimi records were available, which is material for provider behavior.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🦐 gold shrimp
Result: blocked until real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • [P1] Push the prepared opt-in/default fix and update the OAuth docs to match read-only expired credentials.
  • [P1] Add redacted live proof for API-key usage, fresh OAuth reuse, expired-credential remediation, Kimi Code wire.jsonl scanning, and Pi Kimi records.
  • After the branch update, wait for exact-head CI to finish green.

Proof guidance:

  • [P1] Needs real behavior proof before merge: Missing: the PR body says no real Kimi Code credential, Kimi local sessions, or Pi Kimi records were available, so redacted terminal output, logs, screenshots, recordings, or linked live output are still needed before merge. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

  • [P1] Live Kimi API-key, OAuth credential, expired-credential remediation, Kimi wire.jsonl, and Pi Kimi behavior is unproven against a real account/session tree.
  • [P1] The current head still lets disabled Kimi wire logs enable the global cost summary on fresh installs, which can surface an empty Kimi cost experience from a source the user has not opted into.
  • [P1] The docs still describe expired CLI credential refresh even though the implementation intentionally keeps CLI-owned credentials read-only.

Maintainer options:

  1. Fix defaults and require live Kimi proof (recommended)
    Update current head to stop Kimi logs from enabling a disabled cost source, align the OAuth docs, and add redacted live API/OAuth/session proof before merge.
  2. Accept the provider-contract risk
    Maintainers may choose to merge fixture-tested Kimi behavior without real account evidence, but should treat any real-provider mismatch as owned follow-up work.
  3. Pause the branch
    If no real Kimi credential or session data is available for proof, keep the PR paused rather than shipping broad auth and usage-reporting changes.

Next step before merge

  • [P1] Human follow-up is needed because automation cannot provide real Kimi credential/session proof, and the branch still needs a small source/docs update before merge.

Maintainer decision needed

  • Question: Should this PR remain blocked until redacted live Kimi proof and the current opt-in/docs fixes land, or may maintainers accept the unproven provider behavior?
  • Rationale: The remaining blocker is not fully decidable from source inspection because the branch changes real Kimi credentials, account data, and local session formats that are unavailable in this review environment.
  • Likely owner: steipete — steipete authored the maintainer fixes and is the strongest current-history owner for Kimi provider and cost-source behavior in this repo.
  • Options:
    • Require proof and fixes before merge (recommended): Update the branch for the disabled Kimi log auto-default and OAuth docs, then require redacted live Kimi API/OAuth/session evidence before landing.
    • Accept unproven provider behavior: Maintainers can intentionally merge based on fixture coverage, but would own the risk that real Kimi account contracts or session layouts differ.
    • Pause until Kimi access is available: Hold the PR until someone with a real Kimi setup can provide safe proof without exposing credentials or private data.

Security
Cleared: No concrete security or supply-chain defect was found; the branch keeps expired CLI credentials read-only and blocks CLI-owned credentials from endpoint overrides.

Review findings

  • [P2] Keep disabled Kimi logs out of the auto default — Sources/CodexBar/SettingsStore+TokenCost.swift:127-128
  • [P2] Align OAuth docs with read-only credentials — docs/kimi.md:57-58
Review details

Best possible solution:

Land only after the branch skips disabled Kimi logs for the global auto-default, aligns the OAuth docs with read-only expired credentials, and includes redacted live proof for API key, fresh OAuth, expired credential remediation, Kimi wire.jsonl, and Pi Kimi sessions.

Do we have a high-confidence way to reproduce the issue?

Yes for the source-level review findings: exact PR head shows disabled Kimi logs still trigger the global cost auto-default and docs still claim expired credential refresh. No for live behavior: no real Kimi credential or session data was provided.

Is this the best way to solve the issue?

No; the implementation direction is plausible, but the branch should fix the default detector/docs mismatch and provide redacted live Kimi proof before merge.

Full review comments:

  • [P2] Keep disabled Kimi logs out of the auto default — Sources/CodexBar/SettingsStore+TokenCost.swift:127-128
    Late discovery from the unchanged earlier head: this detector returns true for Kimi wire.jsonl files, but the new Kimi Code source is persisted as false by default. A fresh install with only Kimi logs can therefore enable the global cost summary while the only detected source remains disabled, producing an empty Kimi cost view; skip Kimi here until its source is explicitly enabled or enable the matching source intentionally.
    Confidence: 0.91
    Late finding: first raised on code an earlier review cycle already covered.
  • [P2] Align OAuth docs with read-only credentials — docs/kimi.md:57-58
    This section still says CodexBar refreshes an expired Kimi Code credential through the OAuth token endpoint, but the current implementation only reuses fresh access tokens and routes expired CLI-owned credentials to CLI re-authentication or an explicit API key. Users with expired credentials would follow the wrong recovery path unless this text is updated.
    Confidence: 0.93

Overall correctness: patch is incorrect
Overall confidence: 0.88

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against b00797537dbf.

Label changes

Label justifications:

  • P2: This is a substantial provider improvement with limited blast radius, but it is not a shipped urgent regression.
  • merge-risk: 🚨 compatibility: The branch changes cost-source defaults, cache versions, source toggles, and fresh-install behavior for users with local usage data.
  • merge-risk: 🚨 auth-provider: The branch adds Kimi OAuth credential reuse, identity headers, endpoint-override safeguards, and expired-credential routing that need real-provider proof.
  • rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🦐 gold shrimp.
  • status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: Missing: the PR body says no real Kimi Code credential, Kimi local sessions, or Pi Kimi records were available, so redacted terminal output, logs, screenshots, recordings, or linked live output are still needed before merge. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.
Evidence reviewed

What I checked:

  • AGENTS policy read: Read the full target AGENTS.md and applied the provider-siloing and no-unrequested-live-credential-probe guidance during review. (AGENTS.md:1, b00797537dbf)
  • Current main lacks Kimi cost reporting: On current main, Kimi token cost support is still disabled and the no-data message says Kimi cost summary is unsupported. (Sources/CodexBarCore/Providers/Kimi/KimiProviderDescriptor.swift:30, b00797537dbf)
  • Current main CLI cost excludes Kimi: The current CLI cost command supports only Claude and Codex, so the Kimi CLI cost path is unique to this branch. (Sources/CodexBarCLI/CLICostCommand.swift:6, b00797537dbf)
  • Diff surface: The branch changes 40 files with +2201/-231 across auth, settings, scanners, cache, CLI, docs, and tests. (c7a518e642a8)
  • Disabled Kimi logs still auto-enable global cost summary: PR head detects Kimi wire.jsonl as a global token-cost source even though Kimi Code session scanning is persisted as opt-in false by default. (Sources/CodexBar/SettingsStore+TokenCost.swift:127, c7a518e642a8)
  • Docs contradict read-only expired credentials: PR-head docs still say CodexBar refreshes expired CLI credentials, while the implementation only returns fresh access tokens and tests assert expired credentials remain unchanged. (docs/kimi.md:57, c7a518e642a8)

Likely related people:

  • steipete: Current-main Kimi provider and settings/cost files blame to Peter Steinberger in this checkout, and he authored several maintainer fixes on the PR branch for credential isolation, identity headers, source toggles, and read-only credentials. (role: recent area contributor and reviewer; confidence: high; commits: 0cb8abd8d50e, d392d4563bad, ac2f5656bd83; files: Sources/CodexBarCore/Providers/Kimi/KimiProviderDescriptor.swift, Sources/CodexBarCore/Providers/Kimi/KimiSettingsReader.swift, Sources/CodexBar/SettingsStore+TokenCost.swift)
  • Leechael: Leechael authored the branch commits that add Kimi Code OAuth/session reporting and the PR body links the pi-provider-kimi-code contract as upstream evidence beyond the proposal itself. (role: feature contributor and Kimi Code domain contributor; confidence: medium; commits: 43346816199e, c7a518e642a8; files: Sources/CodexBarCore/Providers/Kimi/KimiSettingsReader.swift, Sources/CodexBarCore/PiSessionCostScanner.swift, docs/kimi.md)
  • kiranmagic7: Repository history shows kiranmagic7 added the Kimi Code API usage source that this branch extends with OAuth credentials and local Kimi Code usage sources. (role: Kimi Code API feature contributor; confidence: medium; commits: 2c7283b6fe45; files: Sources/CodexBarCore/Providers/Kimi/KimiSettingsReader.swift, Sources/CodexBarCore/Providers/Kimi/KimiProviderDescriptor.swift, docs/kimi.md)
  • Nimrod Gutman: Git history shows Nimrod Gutman introduced Pi session usage merging into provider history, which is the cost-scanner surface this PR extends for Kimi. (role: adjacent Pi cost-history contributor; confidence: medium; commits: c23edb9dc048; files: Sources/CodexBarCore/PiSessionCostScanner.swift, Sources/CodexBarCore/PiSessionCostCache.swift)
  • dstier-git: The PR is rebased over the merged cost-accounting and cache-invalidation work from the related cost PR, which overlaps the cache and pricing behavior this branch changes. (role: adjacent cost-cache contributor; confidence: medium; commits: 306cf96787f0; files: Sources/CodexBarCore/CostUsageFetcher.swift, Sources/CodexBarCore/PiSessionCostCache.swift, Tests/CodexBarTests/CostUsageFetcherTests.swift)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.
Review history (1 earlier review cycle)
  • reviewed 2026-07-01T15:25:45.382Z sha ecc2cce :: needs real behavior proof before merge. :: [P2] Align OAuth docs with read-only credentials

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

public let sessionRequests: Int?
public let last30DaysTokens: Int?
public let last30DaysCostUSD: Double?
public let last30DaysRequests: Int?

P2 Badge Populate request totals before exposing them

The new request fields stay nil for every CostUsageTokenSnapshot built through CostUsageFetcher.tokenSnapshot: that factory only derives tokens/cost and calls this initializer without sessionRequests or last30DaysRequests. In practice the Kimi Code scanner can put requestCount on daily entries, but the menu/dashboard paths that read snapshot.last30DaysRequests never see it, so request counts are dropped from the reported Kimi usage. Derive these values from sessionEntry.requestCount and the daily entries when constructing the snapshot.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBarCore/Providers/Kimi/KimiUsageSnapshot.swift
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. labels Jun 26, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b21d056568

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBarCore/Providers/Kimi/KimiSettingsReader.swift Outdated
Comment thread Sources/CodexBarCore/CostUsageFetcher.swift
@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. and removed rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. labels Jun 26, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5a3a4ebdd0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBarCore/PiSessionCostScanner.swift
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. labels Jun 26, 2026
@Leechael

Copy link
Copy Markdown
Contributor Author

@clawsweeper re-review

@clawsweeper

clawsweeper Bot commented Jun 27, 2026

Copy link
Copy Markdown

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@Leechael Leechael force-pushed the kimi-code-oauth-credentials branch from 9f4fc8f to 7059706 Compare June 29, 2026 13:11

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 84640a3768

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBarCore/Providers/Kimi/KimiSettingsReader.swift Outdated
Comment thread Sources/CodexBarCore/PiSessionCostScanner.swift

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3b79341e18

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBarCore/PiSessionCostScanner.swift
@steipete steipete force-pushed the kimi-code-oauth-credentials branch from 3b79341 to 732897f Compare July 1, 2026 10:32

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 732897f13d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBarCore/Providers/Kimi/KimiProviderDescriptor.swift Outdated
Comment thread Sources/CodexBarCore/Providers/Kimi/KimiUsageSnapshot.swift Outdated
@steipete steipete force-pushed the kimi-code-oauth-credentials branch from 732897f to 0ca2a2e Compare July 1, 2026 11:05

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: df1a1d1666

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBar/Providers/Kimi/KimiProviderImplementation.swift Outdated
Comment thread Sources/CodexBar/SettingsStore.swift Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 74843fae4e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBarCore/Providers/Kimi/KimiProviderDescriptor.swift Outdated
Comment thread Sources/CodexBarCore/Providers/Kimi/KimiSettingsReader.swift Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ecc2ccecfc

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +125 to +126
for case let url as URL in enumerator where url.lastPathComponent == "wire.jsonl" {
return true

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Don't auto-enable cost history from disabled Kimi logs

Fresh evidence after the opt-in fix: loadCostDefaults now persists tokenCostKimiCodeSessionsEnabled as false, but this detector still returns true when a fresh install has only Kimi wire.jsonl files. applyTokenCostDefaultIfNeeded() then silently enables the global cost summary even though the Kimi source remains disabled, so the first refresh can show “No local Kimi Code session usage found” despite those files being the only reason the feature was enabled; skip Kimi here until the Kimi source is explicitly enabled, or don't use it for the global auto-default.

Useful? React with 👍 / 👎.

@Leechael Leechael force-pushed the kimi-code-oauth-credentials branch from ecc2cce to c7a518e Compare July 6, 2026 14:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. P2 Normal priority bug or improvement with limited blast radius. rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants