[codex] Add Doubao coding plan usage #1727

Closed
LeoLin990405 wants to merge 12 commits into steipete:main from LeoLin990405:feat/doubao-coding-plan

@LeoLin990405 LeoLin990405 commented Jun 23, 2026

Contributor

Summary

Fixes #1724.

This adds first-class Doubao Coding Plan usage fetching through Volcengine's signed OpenAPI path while preserving the existing Ark API-key probe as a fallback.

What changed

  • Add Volcengine AK/SK/region settings and environment projection for Doubao.
  • Add HMAC-SHA256 Volcengine request signing for GetCodingPlanUsage.
  • Parse QuotaUsage into 5-hour, weekly, and monthly usage windows.
  • Keep the legacy Ark bearer-token probe when only an Ark API key is configured.
  • Surface Volcengine ResponseMetadata.Error.{Code,Message} on failures, so a key lacking the ark:GetCodingPlanUsage permission shows AccessDenied: … instead of an opaque HTTP 403 (322 bytes).

Investigation notes

opencli inspection of the Volcengine Ark console showed the Coding Plan page calling GetCodingPlanUsage, returning session, weekly, and monthly percentages plus reset timestamps. The signing implementation follows Volcengine's documented HMAC-SHA256 request shape with the date/region/service/request credential scope.

Live proof (after-fix, CodexBar's own signed path)

Ran CodexBar's own signed CLI with a long-term Volcengine AK/SK (via CODEXBAR_CONFIG, no ark-cli involved). DoubaoUsageFetcher signs the request, calls GetCodingPlanUsage, and renders the three windows — "Limits not available" is gone:

== Doubao (api) ==
5-hour:  99% left   Resets in 2h 38m
Weekly:  97% left   Resets in 3d 7h
Monthly: 99% left   Resets in 23d 7h
Plan: Running

Independently cross-checked with the official @volcengine/ark-cli (arkcli usage plan --product coding-plan) — matches 1:1 (session 0.0023% used → 99% left, weekly 2.49% → 97%, monthly 1.26% → 99%). Details: #1727 (comment)

While validating, an under-permissioned key returned Volcengine AccessDenied on ark:GetCodingPlanUsage (not SignatureDoesNotMatch), confirming the signer itself is correct — the request authenticates and is authorized server-side. That also motivated the error-surfacing change above.

Note (scope): the signer uses long-term AK/SK only — it does not attach an STS X-Security-Token, so SSO/temporary credentials won't work. Happy to add session-token support as a follow-up if wanted.

Validation

  • make check
  • swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation' — green (incl. new coding plan fetch surfaces volcengine access denied error)
  • swift run CodexBarCLI usage --provider doubao --source api — renders real Coding Plan windows with a permissioned AK/SK; falls back to the Ark bearer probe when only an Ark API key is present
  • Rebased onto latest main; branch is MERGEABLE and CI is green.

Remaining gate

Product decision (issue is labeled needs-product-decision): whether to accept a Volcengine AK/SK credential path for Doubao. The implementation keeps a single settings field and auto-selects signed vs. bearer by input shape (AKLT… access key → signed), so it doesn't force a second credential UI or regress bearer-only users.

Contributor Author

OpenCLI follow-up notes for reviewers:

Validation already run locally:

  • make check
  • swift test --filter 'Doubao|ProviderConfigEnvironmentTests'

The signer emitted canonical headers / SignedHeaders as
host;x-date;x-content-sha256;content-type. Volcengine V4 (AWS SigV4
derived) requires them sorted by lower-cased header name, and the server
re-sorts + recomputes the signature, so the unsorted order would yield a
signature mismatch (HTTP 403) on live GetCodingPlanUsage calls. Sort to
content-type;host;x-content-sha256;x-date and update the test expectation.

Note: the signing test asserts structure only (no golden vector), so this
still needs a live AK/SK request to confirm the server accepts it.
@LeoLin990405

Contributor Author

Pushed eefcab40: the Volcengine V4 signer emitted canonical headers / SignedHeaders as host;x-date;x-content-sha256;content-type — unsorted. Volcengine V4 (AWS-SigV4-derived) requires them sorted by lower-cased header name; the server re-sorts and recomputes, so the unsorted list would have failed every live GetCodingPlanUsage call with a signature mismatch (HTTP 403). Sorted to content-type;host;x-content-sha256;x-date + updated the test expectation.

Heads-up: the signing test asserts structure only (credential scope + SignedHeaders string), not a golden signature, so it would not have caught this. A real AK/SK request is still needed to confirm the server accepts the signature end-to-end. The decode/mapping (QuotaUsage session/weekly/monthly → RateWindow) I verified against a live console response and it matches.
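
The header-ordering failure described in the comment above, as an added Python example that is not part of the PR or of CodexBar's Swift signer. It assumes a SigV4-style canonical request and chained key derivation over the date/region/service/request scope; the host, keys, timestamp, POST method and empty JSON body are constructed placeholders.

```python
import hashlib
import hmac

# Constructed sample values (not real credentials or endpoints).
ACCESS_KEY = "AKLTEXAMPLEACCESSKEYID"
SECRET_KEY = "constructed-secret-key"
HOST = "openapi.example.invalid"
X_DATE = "20260623T000000Z"
BODY = b"{}"
# Region, service, action and version as shown in the PR's redacted capture.
REGION, SERVICE = "cn-beijing", "ark"
QUERY = "Action=GetCodingPlanUsage&Version=2024-01-01"
SCOPE = f"{X_DATE[:8]}/{REGION}/{SERVICE}/request"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonicalize(headers, sort=True):
    """Return (canonical header block, SignedHeaders) for (name, value) pairs."""
    pairs = [(name.lower(), " ".join(value.split())) for name, value in headers]
    if sort:
        # The step the original signer skipped: order by lower-cased name.
        pairs.sort(key=lambda pair: pair[0])
    block = "".join(f"{name}:{value}\n" for name, value in pairs)
    return block, ";".join(name for name, _ in pairs)


def sign(headers, sort=True):
    """Return (SignedHeaders, hex signature) using the assumed SigV4-style layout."""
    block, signed = canonicalize(headers, sort)
    canonical_request = "\n".join(
        ["POST", "/", QUERY, block, signed, sha256_hex(BODY)])
    string_to_sign = "\n".join(
        ["HMAC-SHA256", X_DATE, SCOPE, sha256_hex(canonical_request.encode())])
    # Chained derivation: secret -> date -> region -> service -> "request".
    key = SECRET_KEY.encode()
    for part in SCOPE.split("/"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return signed, signature


def client_request(sort):
    """Build the request the client would send, in the signer's emission order."""
    headers = [("Host", HOST), ("X-Date", X_DATE),
               ("X-Content-Sha256", sha256_hex(BODY)),
               ("Content-Type", "application/json")]
    signed, signature = sign(headers, sort)
    authorization = (f"HMAC-SHA256 Credential={ACCESS_KEY}/{SCOPE}, "
                     f"SignedHeaders={signed}, Signature={signature}")
    return {"headers": headers, "signed_headers": signed,
            "signature": signature, "authorization": authorization}


def server_accepts(request):
    """Server side: take the headers named in SignedHeaders, re-sort, recompute."""
    names = set(request["signed_headers"].split(";"))
    covered = [(n, v) for n, v in request["headers"] if n.lower() in names]
    _, expected = sign(covered, sort=True)
    return hmac.compare_digest(expected, request["signature"])


if __name__ == "__main__":
    for sort in (False, True):
        req = client_request(sort)
        verdict = "accepted" if server_accepts(req) else "rejected (signature mismatch)"
        print(f"{req['signed_headers']}: {verdict}")
```

A structure-only test passes for either ordering as long as its expected string is updated to match; only a check that recomputes the signature, or a pinned signature taken from a request the server accepted, distinguishes the two.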

@clawsweeper

clawsweeper Bot commented Jun 23, 2026


Codex review: needs maintainer review before merge. Reviewed July 2, 2026, 4:39 AM ET / 08:39 UTC.

Summary
The branch adds signed Volcengine GetCodingPlanUsage support for Doubao Coding Plan usage, new AK/SK/region settings and env projection, Ark bearer fallback preservation, dynamic Doubao labels, Volcengine error parsing, and regression tests.

Reproducibility: not applicable as a bug reproduction: this is a feature PR for a new Doubao Coding Plan fetch path. The after-fix behavior is nevertheless supported by redacted live CodexBarCLI output in the PR discussion.

Review metrics: 3 noteworthy metrics.

  • Diff size: 15 files, +1074/-36. The branch spans provider runtime, settings/config projection, UI labels, signing, and tests, so auth behavior is the review focus.
  • Credential aliases: 4 access-key, 5 secret-key, 4 region env aliases. Broad env alias support affects how existing Doubao and Volcengine environments choose signed Coding Plan versus Ark fallback.
  • Regression surface: 4 test files changed. Focused tests cover parser/signing, config validation, credential projection, labels, and fallback behavior.

Root-cause cluster
Relationship: fixed_by_candidate
Canonical: #1724
Summary: This PR is the candidate implementation for the open Doubao Coding Plan usage issue; the custom-provider and Agent Plan reports are related but distinct.

Members:

Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Get explicit maintainer approval for the long-term Volcengine AK/SK credential direction or requested auth-shape changes.

Risk before merge

  • [P1] Merging intentionally adds a long-term Volcengine AK/SK credential path for Doubao, so maintainers need to accept the auth and storage surface before landing it.
  • [P1] Credential precedence now distinguishes Ark bearer keys from AKLT access-key IDs and can try signed Coding Plan before falling back to Ark; tests cover common cases, but the upgrade behavior needs maintainer acceptance.
  • [P1] The signer currently supports long-term AK/SK only; SSO/temporary STS credentials need a later session-token follow-up if maintainers want that workflow.

Maintainer options:

  1. Approve the AK/SK path deliberately (recommended)
    Maintainers can accept the new long-term Volcengine AK/SK route and merge after required checks, with STS/session-token support left as a documented follow-up.
  2. Make auth selection more explicit first
    If automatic AKLT detection is not the desired UX, ask for a narrow revision such as explicit Doubao auth-mode copy, docs, or setting behavior before merge.
  3. Pause long-term key support
    If long-term Volcengine secrets do not belong in CodexBar, pause or close this PR and leave the linked issue for a different provider-auth design.

Next step before merge

  • [P2] The remaining action is maintainer approval of the Doubao AK/SK credential direction, not a narrow automated code repair.

Security
Cleared: No concrete security or supply-chain defect was found in the diff; the new AK/SK auth surface is tracked as merge risk rather than a line-level bug.

Review details

Best possible solution:

Have a maintainer explicitly approve or reject the Doubao AK/SK credential direction; if approved, land after required checks and keep STS/session-token support as a follow-up.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a bug reproduction: this is a feature PR for a new Doubao Coding Plan fetch path. The after-fix behavior is nevertheless supported by redacted live CodexBarCLI output in the PR discussion.

Is this the best way to solve the issue?

Technically yes, this is a focused implementation for GetCodingPlanUsage and preserves the Ark bearer fallback with tests. Product-wise it remains pending until maintainers accept the new AK/SK credential path.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against 450ca4d91565.

Label changes

Label changes:

  • add proof: sufficient: Contributor real behavior proof is sufficient. The PR body and latest comment include redacted live output from CodexBar's own signed CLI using long-term Volcengine AK/SK and rendering real Doubao Coding Plan windows.
  • add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
  • add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body and latest comment include redacted live output from CodexBar's own signed CLI using long-term Volcengine AK/SK and rendering real Doubao Coding Plan windows.
  • remove status: 📣 needs proof: Current PR status label is status: 👀 ready for maintainer look.
  • remove rating: 🦪 silver shellfish: Current PR rating is rating: 🐚 platinum hermit, so this older rating label is no longer current.

Label justifications:

  • P2: This is a normal-priority provider usage improvement with limited blast radius but meaningful runtime value for Doubao Coding Plan users.
  • merge-risk: 🚨 compatibility: The PR changes Doubao credential precedence, labels, and fallback behavior for existing config/env combinations.
  • merge-risk: 🚨 auth-provider: The PR adds Volcengine AK/SK/region authentication alongside the existing Ark bearer-token path.
  • merge-risk: 🚨 security-boundary: The PR introduces an additional long-term secret field and signed request path that maintainers should explicitly accept.
  • rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
  • status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (live_output): The PR body and latest comment include redacted live output from CodexBar's own signed CLI using long-term Volcengine AK/SK and rendering real Doubao Coding Plan windows.
  • proof: sufficient: Contributor real behavior proof is sufficient. The PR body and latest comment include redacted live output from CodexBar's own signed CLI using long-term Volcengine AK/SK and rendering real Doubao Coding Plan windows.
Evidence reviewed

What I checked:

Likely related people:

  • LeoLin990405: Prior merged history shows Zhongyue Lin authored the original Qwen/Doubao provider work and the Doubao false-100% usage fix; this PR also continues that same Doubao usage surface. (role: introduced behavior and current domain contributor; confidence: high; commits: 6eb3699ec977, a31709838797, 970b938750ed; files: Sources/CodexBarCore/Providers/Doubao/DoubaoUsageFetcher.swift, Sources/CodexBarCore/Providers/Doubao/DoubaoProviderDescriptor.swift, Sources/CodexBar/Providers/Doubao/DoubaoProviderImplementation.swift)
  • steipete: Peter Steinberger co-authored or merged prior Doubao provider work, authored the unavailable Doubao quota behavior, and recently touched adjacent provider config override code. (role: recent area contributor and merger; confidence: high; commits: 6eb3699ec977, 4a6fa81c3e1f, 87635bcc755b; files: Sources/CodexBarCore/Providers/Doubao/DoubaoUsageFetcher.swift, Tests/CodexBarTests/DoubaoMenuCardModelTests.swift, Sources/CodexBarCore/Config/ProviderConfigEnvironment.swift)
  • Kentoku Matsunami: Local current-main blame for the present Doubao source files points to commit 5bfd1d1, though older GitHub-visible history gives stronger ownership signals to the Doubao-specific authors above. (role: current-main blame signal; confidence: medium; commits: 5bfd1d1474bb; files: Sources/CodexBarCore/Providers/Doubao/DoubaoUsageFetcher.swift, Sources/CodexBarCore/Providers/Doubao/DoubaoProviderDescriptor.swift, Sources/CodexBar/Providers/Doubao/DoubaoProviderImplementation.swift)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. labels Jun 23, 2026
@LeoLin990405 LeoLin990405 marked this pull request as ready for review June 24, 2026 01:37
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. labels Jun 24, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: eefcab4092

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBarCore/Config/ProviderConfigEnvironment.swift Outdated
LeoLin added 2 commits June 24, 2026 14:44
@LeoLin990405

Contributor Author

Addressed the current P2 in 22a6bad6:

  • Merged Doubao config/env Volcengine AK/SK before projecting Coding Plan credentials, so config AK + env SK (and the reverse) now takes the signed Coding Plan path instead of falling back to ARK_API_KEY.
  • Allowed Doubao secretKey and region in config validation.

Validation:

  • swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation'
  • make check

Proof note: I checked local env/config presence without printing secret values. This machine has Doubao API-key material but no Volcengine AK/SK pair, so I still cannot produce the requested signed Coding Plan live fetch proof here. That still needs real Volcengine AK/SK.

@codex review
@clawsweeper re-review

@clawsweeper

clawsweeper Bot commented Jun 24, 2026


🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 22a6bad6d5


Comment thread Sources/CodexBarCore/Config/ProviderConfigEnvironment.swift Outdated
@clawsweeper clawsweeper Bot added the merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. label Jun 24, 2026
@LeoLin990405

Contributor Author

Addressed the new Ark preservation P2 in decf7f4f:

  • Treats the shared Doubao apiKey field as a signed Coding Plan access key only when it has the Volcengine AKLT... shape.
  • Keeps Ark bearer keys projected to ARK_API_KEY and clears AK/SK keys in the override env so Coding Plan does not win accidentally.
  • Added regressions for Ark + env secret, Ark + config secret, and Ark overriding complete env AK/SK credentials.

Validation:

  • swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation'
  • make check

Real Coding Plan proof is still unavailable from this machine because no Volcengine AK/SK env/config credentials are present; local config only has Ark-style API keys.

@codex review
@clawsweeper re-review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: decf7f4f66


Comment thread Sources/CodexBarCore/Providers/Doubao/DoubaoSettingsReader.swift
Comment thread Sources/CodexBarCore/Config/ProviderConfigEnvironment.swift Outdated
@LeoLin990405

Contributor Author

Addressed the latest Doubao P2s in b63582af:

  • Added VOLCENGINE_SECRET_KEY as a Doubao signed Coding Plan secret alias so VOLCENGINE_ACCESS_KEY / VOLCENGINE_SECRET_KEY works as a pair.
  • Stopped projecting incomplete AKLT... access-key IDs into ARK_API_KEY; if no matching secret is available, the override leaves the Ark bearer path to any existing base Ark token instead of sending an access key to the Ark probe.
  • Added regressions for the new secret alias, incomplete AKLT credentials, and preserving a base Ark fallback.

Validation:

  • swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation'
  • make check

Real Coding Plan proof is still unavailable from this machine because no Volcengine AK/SK env/config credentials are present.

@codex review
@clawsweeper re-review
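
The credential-selection rules described across the comments above (an AKLT-shaped key with a secret selects the signed path, an Ark key clears AK/SK, an incomplete AKLT key is never sent as a bearer token), as an added Python model that is not CodexBar's Swift code. The function names are hypothetical; the environment variable names and the AKLT prefix are the ones named in this thread, and all key values are constructed.

```python
AK_PREFIX = "AKLT"  # access-key shape named in the PR
AK_ENV = "VOLCENGINE_ACCESS_KEY"
SK_ENV = "VOLCENGINE_SECRET_KEY"
ARK_ENV = "ARK_API_KEY"


def project_doubao_env(api_key, secret_key, base_env):
    """Hypothetical helper: return (mode, env), mode in {'signed', 'bearer', 'none'}.

    api_key is the single shared settings field; secret_key is the config
    secret; base_env is the inherited process environment.
    """
    env = dict(base_env)
    key = (api_key or "").strip()
    # Config and env are merged first, so config AK + env SK forms a pair.
    secret = (secret_key or "").strip() or env.get(SK_ENV, "")

    if key.startswith(AK_PREFIX):
        if secret:
            env[AK_ENV] = key
            env[SK_ENV] = secret
            return "signed", env
        # Incomplete pair: the access-key ID must never become a bearer token.
        # Leave any inherited Ark token in place and use it if present.
        return ("bearer" if env.get(ARK_ENV) else "none"), env

    if key:
        # Ark bearer key in the shared field: it wins, and inherited AK/SK
        # are cleared so the signed path cannot be selected by accident.
        env[ARK_ENV] = key
        env.pop(AK_ENV, None)
        env.pop(SK_ENV, None)
        return "bearer", env

    # Nothing configured: fall back to whatever the environment provides.
    if env.get(AK_ENV) and env.get(SK_ENV):
        return "signed", env
    return ("bearer" if env.get(ARK_ENV) else "none"), env


def bearer_is_access_key_id(env):
    """Guard for tests and logs: True if an AK ID leaked into the bearer slot."""
    return env.get(ARK_ENV, "").startswith(AK_PREFIX)


if __name__ == "__main__":
    cases = [  # constructed inputs
        ("AKLTconfigonly", None, {SK_ENV: "env-secret"}),
        ("ark-bearer-token", None, {AK_ENV: "AKLTenv", SK_ENV: "env-secret"}),
        ("AKLTnosecret", None, {ARK_ENV: "base-ark-token"}),
        ("AKLTnosecret", None, {}),
    ]
    for api_key, secret, base in cases:
        mode, env = project_doubao_env(api_key, secret, base)
        print(mode, sorted(env), "leak" if bearer_is_access_key_id(env) else "ok")
```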

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b63582afd7


Comment thread Sources/CodexBarCore/Providers/Doubao/DoubaoProviderDescriptor.swift Outdated
@LeoLin990405

Contributor Author

Addressed the signed-to-Ark fallback P2 in f17026c9:

  • If signed Doubao Coding Plan credentials are present but the signed fetch fails, the strategy now falls back to an available Ark bearer token instead of returning the signed error immediately.
  • Cancellation still propagates and does not trigger Ark fallback.
  • Added injectable loaders for the Doubao API strategy so the fallback and cancellation behavior are covered without live network calls.

Validation:

  • swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation'
  • make check

Real Coding Plan proof is still unavailable from this machine because no Volcengine AK/SK env/config credentials are present.

@codex review
@clawsweeper re-review

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f17026c97b


Comment thread Sources/CodexBarCore/Providers/Doubao/DoubaoSettingsReader.swift

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9678247b12


@LeoLin990405

Contributor Author

Addressed the Ark request-label P2 in d4a14190:

  • Added a Doubao primary label helper that keeps Ark request-limit snapshots labeled Requests.
  • Wired that label through the menu card, menu descriptor, and widget snapshot paths.
  • Added regressions for Ark request windows, Coding Plan 5-hour windows, and the signed-to-Ark fallback path.

Validation:

  • swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation'
  • make check

Real Coding Plan proof is still unavailable from this machine because no Volcengine AK/SK env/config credentials are present.

@codex review
@clawsweeper re-review

@clawsweeper

clawsweeper Bot commented Jun 24, 2026


🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d4a1419065


Comment thread Sources/CodexBarCore/Providers/Doubao/DoubaoUsageFetcher.swift Outdated
Comment thread Sources/CodexBarCore/Providers/Doubao/DoubaoUsageFetcher.swift Outdated
@LeoLin990405

Contributor Author

Addressed the Coding Plan reset P2s in 41fc3235:

  • Removed percentage text from Coding Plan resetDescription, so the UI no longer renders Resets 12.5% used.
  • Treat non-positive UpdateTimestamp / ResetTimestamp values as missing before creating Dates, avoiding 1970/now reset artifacts.
  • Added regression coverage for ResetTimestamp 0 and -1, fallback updatedAt, and nil Coding Plan reset descriptions.

Validation:

  • swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation'
  • make check

Real Coding Plan proof is still unavailable from this machine because no Volcengine AK/SK env/config credentials are present.

@codex review
@clawsweeper re-review

@clawsweeper

clawsweeper Bot commented Jun 24, 2026


🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@chatgpt-codex-connector


Codex Review: Didn't find any major issues. Already looking forward to the next diff.

Reviewed commit: 41fc323574


@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. and removed rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. labels Jun 24, 2026

Contributor Author

Supplemental redacted Coding Plan proof

Current branch head: 41fc3235746f38543988192b801ad1fe2a86cad1.

This does not replace ClawSweeper's requested after-fix CodexBar signed AK/SK proof, but it narrows the remaining blocker and confirms the live Coding Plan response shape the PR implements.

What I could verify from this machine today:

  • Local credentials have an Ark bearer token only; no Volcengine/Doubao AK/SK is present, so CodexBar cannot exercise the signed path here without a new/provided AccessKey + SecretKey.
  • swift run CodexBarCLI usage --provider doubao --source auto --json on this PR head completes through source api without an error, so the existing Ark fallback path is still callable.
  • OpenCLI against the logged-in Volcengine Ark console captured a successful console-proxy GetCodingPlanUsage call for Coding Plan. The redacted, non-account-identifying fields are:
{
  "observedAt": "2026-06-25T03:58:33Z",
  "httpStatus": 200,
  "action": "GetCodingPlanUsage",
  "version": "2024-01-01",
  "service": "ark",
  "region": "cn-beijing",
  "resultStatus": "Running",
  "updatedAt": "2026-06-25 11:58:34 CST",
  "quotaUsage": [
    {
      "level": "session",
      "percent": 0.01392,
      "resetAt": "2026-06-25 15:46:05 CST"
    },
    {
      "level": "weekly",
      "percent": 3.2836043333333333,
      "resetAt": "2026-06-29 00:00:00 CST"
    },
    {
      "level": "monthly",
      "percent": 7.623784166666667,
      "resetAt": "2026-06-25 23:59:59 CST"
    }
  ]
}

No cookies, auth headers, account IDs, request IDs, phone/email, raw identity responses, or secrets are included.

Remaining decision before this can clear the ClawSweeper gate:

  1. Provide/approve a temporary Volcengine AK/SK proof path so I can run CodexBar's signed GetCodingPlanUsage implementation and post redacted output.
  2. Explicitly accept the console-proxy GetCodingPlanUsage proof + current tests as sufficient for this PR.
  3. Reject or pause the Doubao-specific AK/SK credential surface.

@steipete could you pick the path you want here? I am holding off on another @clawsweeper re-review until there is either signed-path proof or maintainer acceptance of an alternative, to avoid a noisy rerun.

…plan

# Conflicts:
#	Sources/CodexBarCore/Config/ProviderConfigEnvironment.swift
#	Tests/CodexBarTests/ProviderConfigEnvironmentTests.swift
@LeoLin990405

Contributor Author

Rebased onto latest upstream/main — conflicts resolved, checks green

The branch had drifted 156 commits behind and was flagged CONFLICTING. Merged upstream/main (head now 0ea3b57b) and resolved the two conflicts, both of which were adjacent-addition collisions between this PR's Doubao provider and the newly-landed Sakana provider — no semantic overlap:

  • Sources/CodexBarCore/Config/ProviderConfigEnvironment.swift — kept both the .doubao/.sakana switch cases and both override helpers (applyDoubaoOverrides + applySakanaOverrides) side by side.
  • Tests/CodexBarTests/ProviderConfigEnvironmentTests.swift — kept all Doubao coverage plus the Sakana cookie-header test.

Validation on the merged tree:

  • swift build — Build complete
  • swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation': 89 tests / 6 suites pass (Doubao + Sakana + config)
  • Scripts/lint.sh: 0 violations (swiftformat + swiftlint)

Note: this only clears the merge-conflict blocker. The needs-live-repro item (a real signed AK/SK Coding Plan capture) still stands — this machine only has an Ark bearer token, no Volcengine AK/SK, so the signed path can't be exercised locally.

@codex review

@chatgpt-codex-connector


Codex Review: Didn't find any major issues. Delightful!

Reviewed commit: 0ea3b57b0c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@LeoLin990405

Contributor Author

Live GetCodingPlanUsage proof (via official @volcengine/ark-cli)

Following up on the needs-live-repro ask on #1724. I couldn't exercise CodexBar's own signed path locally (I only hold an ARK_API_KEY bearer token, no long-term AK/SK), but I authenticated the official Volcengine ark-cli via SSO and captured the live Coding Plan usage. This confirms the endpoint is real and its response shape maps 1:1 onto what this PR implements (session → primary, weekly → secondary, monthly → tertiary):

{
  "items": [{
    "product": "coding-plan",
    "edition": "personal",
    "subscribed": true,
    "periods": [
      { "label": "session", "percent": 0.00232,  "reset_at": "2026-07-02T18:57:55+08:00" },
      { "label": "weekly",  "percent": 2.48986,   "reset_at": "2026-07-06T00:00:00+08:00" },
      { "label": "monthly", "percent": 1.26306,   "reset_at": "2026-07-25T23:59:59+08:00" }
    ]
  }]
}

(account id/name redacted; arkcli usage plan --product coding-plan, tier pro, status Running.)

The three windows + reset timestamps line up exactly with DoubaoUsageFetcher's Coding Plan parsing, which is already covered by the passing unit test coding plan fetch signs volcengine request. So the data path and mapping are validated end-to-end at the API level; the only step not yet shown is CodexBar's own signed fetcher rendering it with a long-term AK/SK (bearer/STS won't do — see below).

Follow-up worth considering: STS / session-token support

While validating, I confirmed the current DoubaoVolcengineSigner signs with a long-term AK/SK only — there's no X-Security-Token handling. That means temporary STS credentials (what SSO logins like ark-cli's hand out) can't be used; users must mint a long-term Volcengine AccessKey/SecretKey. Adding session-token support would let SSO/STS users work out of the box. Happy to do this as a follow-up PR if you'd want it — not folding it into this one to keep the diff focused.
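The session-token gap described in the comment above, as an added example (not CodexBar's DoubaoVolcengineSigner and not code from this PR): a SigV4-style HMAC-SHA256 signer using the date/region/service/request scope, with an optional session token. The header names, the service name `ark`, and the choice to include X-Security-Token in the signed set are assumptions; host, version, region, keys and token are placeholders.

```python
import hashlib
import hmac
from urllib.parse import quote


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sign(method, host, path, query, body, ak, sk, region, service, x_date,
         session_token=None):
    """Return request headers including Authorization (names are assumptions)."""
    body_hash = hashlib.sha256(body).hexdigest()
    headers = {"host": host, "x-content-sha256": body_hash, "x-date": x_date}
    if session_token:
        # Assumption: a temporary (STS) credential adds X-Security-Token and
        # the header is part of the signed set, so it cannot be swapped in transit.
        headers["x-security-token"] = session_token
    names = sorted(headers)
    signed = ";".join(names)
    canonical_query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(query.items()))
    canonical_request = "\n".join([
        method.upper(), path, canonical_query,
        "".join(f"{n}:{headers[n].strip()}\n" for n in names),
        signed, body_hash])
    # Credential scope from the PR description: date/region/service/request.
    scope_parts = [x_date[:8], region, service, "request"]
    scope = "/".join(scope_parts)
    string_to_sign = "\n".join([
        "HMAC-SHA256", x_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])
    key = sk.encode()
    for part in scope_parts:  # chained key derivation, one HMAC per scope part
        key = _hmac(key, part)
    signature = _hmac(key, string_to_sign).hex()
    headers["authorization"] = (f"HMAC-SHA256 Credential={ak}/{scope}, "
                                f"SignedHeaders={signed}, Signature={signature}")
    return headers


# Constructed inputs: placeholder host, version, region, keys and token.
DEMO = dict(method="GET", host="api.example.invalid", path="/",
            query={"Action": "GetCodingPlanUsage", "Version": "VERSION-PLACEHOLDER"},
            body=b"", ak="AKEXAMPLE", sk="SKEXAMPLE", region="region-placeholder",
            service="ark", x_date="20260702T000000Z")

if __name__ == "__main__":
    print(sign(**DEMO)["authorization"])
    print(sign(**DEMO, session_token="STSEXAMPLE")["authorization"])
```

A signer that ignores the token produces the first form even when handed temporary credentials, so the server sees a temporary access key with no accompanying token.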

… failures

apiErrorSummary only parsed `error.message`/`message`, so Volcengine's
`ResponseMetadata.Error.{Code,Message}` shape fell through to an opaque
"HTTP 403 (322 bytes)". Users hitting an IAM AccessDenied on
ark:GetCodingPlanUsage now see the real reason instead of a byte count.

Add a regression test asserting a 403 ResponseMetadata.Error body is
surfaced as "AccessDenied: User is not authorized to perform: ark:GetCodingPlanUsage".
@LeoLin990405

Contributor Author

Added: surface Volcengine API error code/message (commit 970b9387)

While validating the signed path end-to-end against a live Volcengine account, I confirmed the signer is correct — a real GetCodingPlanUsage request authenticates and is evaluated server-side. My test key hit an IAM AccessDenied, which exposed a small UX gap: apiErrorSummary only parsed error.message / message, so Volcengine's actual error shape —

{ "ResponseMetadata": { "Error": { "Code": "AccessDenied",
  "Message": "User is not authorized to perform: ark:GetCodingPlanUsage on resource: trn:iam::…:project/*" } } }

— fell through to an opaque HTTP 403 (322 bytes). A user who configures an AK/SK lacking the ark:GetCodingPlanUsage permission would have no idea why.

This commit parses ResponseMetadata.Error.{Code,Message} and surfaces e.g. AccessDenied: User is not authorized to perform: ark:GetCodingPlanUsage, with a regression test. Doubao suite green, lint clean.

(Small and self-contained; happy to split it into its own PR if you'd prefer to keep this one strictly to the feature.)
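The error-shape handling described in the comment above, as an added Python example (a hypothetical counterpart of apiErrorSummary, not the PR's Swift code). The length cap and the masking of the account segment in a TRN are assumptions added here; the sample bodies are constructed.

```python
import json
import re

MAX_LEN = 200  # assumed cap so an oversized body cannot flood the UI or logs
# Added hardening, not from the PR: mask the account segment of a TRN.
_TRN_ACCOUNT = re.compile(r"\b(trn:[\w-]+:[\w-]*:)\d+")


def _dig(node, *path):
    """Follow dict keys; return a non-empty stripped string or None."""
    for key in path:
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node.strip() or None if isinstance(node, str) else None


def api_error_summary(status: int, body: bytes) -> str:
    """Hypothetical Python counterpart of the PR's apiErrorSummary."""
    fallback = f"HTTP {status} ({len(body)} bytes)"
    try:
        doc = json.loads(body)
    except ValueError:  # also covers UnicodeDecodeError and JSONDecodeError
        return fallback
    code = _dig(doc, "ResponseMetadata", "Error", "Code")
    message = (_dig(doc, "ResponseMetadata", "Error", "Message")
               or _dig(doc, "error", "message")
               or _dig(doc, "message"))
    summary = ": ".join(part for part in (code, message) if part)
    if not summary:
        return fallback
    summary = " ".join(summary.split())  # collapse newlines and control whitespace
    return _TRN_ACCOUNT.sub(r"\1<redacted>", summary)[:MAX_LEN]


# Constructed sample bodies (the account number is made up).
VOLCENGINE_403 = json.dumps({"ResponseMetadata": {"Error": {
    "Code": "AccessDenied",
    "Message": "User is not authorized to perform: ark:GetCodingPlanUsage "
               "on resource: trn:iam::2100000001:project/*"}}}).encode()
LEGACY_401 = b'{"error": {"message": "invalid api key"}}'
NOT_JSON = b"<html>denied</html>"

if __name__ == "__main__":
    for status, body in ((403, VOLCENGINE_403), (401, LEGACY_401), (403, NOT_JSON)):
        print(api_error_summary(status, body))
```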

@LeoLin990405

Contributor Author

✅ After-fix live repro — CodexBar's own signed path renders real Coding Plan bars

Granted the ark:GetCodingPlanUsage permission on the test identity and re-ran CodexBar's own signed CLI (long-term Volcengine AK/SK via CODEXBAR_CONFIG, no ark-cli involved). DoubaoUsageFetcher signs the request, calls GetCodingPlanUsage, and renders the three windows — "Limits not available" is gone:

== Doubao (api) ==
5-hour:  99% left [===========-]   Resets in 2h 38m
Weekly:  97% left [===========-]   Resets in 3d 7h
Monthly: 99% left [===========-]   Resets in 23d 7h
Plan: Running

Cross-checks 1:1 with the earlier official ark-cli capture (session 0.0023% used → 99% left, weekly 2.49% → 97%, monthly 1.26% → 99%). This is CodexBar's real signed fetcher end-to-end against a live Coding Plan (pro tier) — the after-fix signed AK/SK proof needs-live-repro asked for.

Recap of what's now validated:

  • ✅ Merge conflict resolved, rebased onto main, all CI green, MERGEABLE
  • ✅ Signed path renders real session/weekly/monthly bars with a permissioned AK/SK
  • AccessDenied surfacing improvement (970b9387) — a misconfigured key now shows the real IAM reason instead of HTTP 403 (322 bytes)

@clawsweeper clawsweeper Bot added and removed labels on Jul 2, 2026:

  • Added: proof: sufficient (Contributor real behavior proof is sufficient.)
  • Added: rating: 🐚 platinum hermit (Good normal PR readiness with ordinary maintainer review expected.)
  • Added: status: 👀 ready for maintainer look (ClawSweeper has no concrete contributor-facing blocker left for this PR.)
  • Removed: rating: 🦪 silver shellfish (Thin PR readiness signal; proof, validation, or implementation needs work.)
  • Removed: status: 📣 needs proof (The PR needs real behavior proof before ClawSweeper can clear the contributor ask.)

@steipete

steipete commented Jul 2, 2026

Owner

Landed via #1841 as 44f0949b69bb705c43c3685ef23d7a16f1539763, preserving Leo's Co-authored-by credit and changelog thanks.

The original fork branch could not be updated because maintainer edits were disabled, so I recreated the contributor patch on a maintainer branch, resolved the integration changes, and ran focused tests, make check, the full 45-shard suite, autoreview, and exact-head GitHub Actions.

Thanks @LeoLin990405. For future pull requests, enabling Allow edits by maintainers lets us apply integration fixups directly to the contributor branch.

@steipete steipete closed this Jul 2, 2026

Labels

  • merge-risk: 🚨 auth-provider 🚨 (Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials.)
  • merge-risk: 🚨 compatibility 🚨 (Merging this PR could break existing users, config, migrations, defaults, or upgrades.)
  • merge-risk: 🚨 security-boundary 🚨 (Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data.)
  • P2 (Normal priority bug or improvement with limited blast radius.)
  • proof: sufficient (Contributor real behavior proof is sufficient.)
  • rating: 🐚 platinum hermit (Good normal PR readiness with ordinary maintainer review expected.)
  • status: 👀 ready for maintainer look (ClawSweeper has no concrete contributor-facing blocker left for this PR.)

Development

Successfully merging this pull request may close these issues.

Doubao: surface Coding Plan usage (session/weekly/monthly) via GetCodingPlanUsage instead of "Limits not available"
