Skip to content

Improve Kimi Code usage reporting#1762

Open
Leechael wants to merge 20 commits into
steipete:mainfrom
Leechael:kimi-code-oauth-credentials
Open

Improve Kimi Code usage reporting#1762
Leechael wants to merge 20 commits into
steipete:mainfrom
Leechael:kimi-code-oauth-credentials

Conversation

@Leechael

@Leechael Leechael commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Summary

Improves Kimi Code usage reporting while keeping Kimi Code separate from Moonshot, Kimi K2, and generic Kimi API providers.

  • Reuses a fresh access token from ~/.kimi-code/credentials/kimi-code.json in auto mode and reports the active source; expired CLI-owned credentials remain read-only and require CLI re-authentication or an explicit API key.
  • Preserves Kimi quota windows and shows Session before Weekly.
  • Adds local Kimi Code wire.jsonl and Pi Kimi session usage behind settings toggles.
  • Keeps explicit API mode API-key only.
  • Keeps generic Pi provider kimi out of Kimi Code accounting; only Kimi Code-specific provider IDs qualify.
  • Preserves existing Pi cost-history behavior when callers omit source options.
  • Invalidates stale Pi cost caches after provider-attribution changes.

Maintainer audit

Exact head: ecc2ccecf

Rebased onto main at 129f6962e, including the landed #1797 cost-accounting/cache-invalidation work and the subsequent widget fix. Later unrelated mainline drift is intentionally preserved while the PR remains mergeable. Contributor authorship remains preserved across the rewritten stack, beginning at 021e5004c.

Maintainer fixes close eight correctness/security gaps found during review:

  1. CLI-owned Kimi OAuth bearer and refresh tokens are no longer forwarded when KIMI_CODE_BASE_URL, KIMI_CODE_OAUTH_HOST, or KIMI_OAUTH_HOST overrides are present. Endpoint overrides require an explicit API key.
  2. Generic Pi provider ID kimi is no longer attributed to Kimi Code.
  3. CostUsageSourceOptions() keeps the existing Pi-session default enabled; the new Kimi source remains disabled by default at the core API boundary. The Pi cache schema is bumped so old attribution is not reused.
  4. CLI-owned OAuth credentials are read-only. Fresh access tokens can be reused; expired credentials route to explicit Kimi CLI re-authentication/API-key remediation without mutating kimi-code.json, including on non-macOS CLI paths.
  5. Fresh CLI OAuth access tokens now send the same identity headers to both /coding/v1/usages and /coding/v1/models; explicit API keys remain unchanged.
  6. Weekly-only quota responses stay in the Weekly lane instead of being mislabeled as Session.
  7. The Kimi provider pane no longer mutates the global Pi session source. Pi analysis is exposed only as the correctly scoped General setting, while Kimi keeps its own provider-specific source toggle.
  8. An absent Kimi session preference is explicitly migrated and persisted as opt-in (false); an existing explicit choice remains unchanged.

CodexBar does not rewrite the CLI-owned credential payload, so unknown fields, permissions, and rotating refresh tokens remain exclusively owned by Kimi Code.

Upstream contract evidence

The implementation follows current official Kimi Code contracts at 62999caca3b56d865bb44f1f0336bff942765d94:

Current upstream records normal model calls as turn and real compaction model calls as session; both are additive usage. The scanner therefore correctly includes both scopes rather than dropping compaction cost.

Privacy and provider isolation

Local scanning aggregates token-usage records; CodexBar does not display raw prompts. Quota and plan data remain Kimi-sourced. Local model-cost values are estimates, not authoritative subscription billing. CLI credential reuse is disabled for custom API/OAuth hosts, preventing CLI-owned credentials from crossing origins.

Validation

Exact maintainer head: ecc2ccecf

  • exact-head focused Kimi and CLI suites: passed, 62 Swift Testing tests plus 23 XCTest tests;
  • exact-head make check: passed (SwiftFormat + strict SwiftLint);
  • exact-head full make test: passed, 44/44 shards;
  • structured autoreview: no accepted/actionable findings; one compatibility concern was rejected because the removed refresh symbols exist only on this unmerged branch and are absent from current origin/main;
  • exact-head ./Scripts/package_app.sh: passed; packaged CodexBar.app;
  • git diff --check origin/main...HEAD: passed;
  • exact-head GitHub CI: run 28527930896 was intentionally cancelled by maintainer coordination to release macOS runners after changes, lint, both Linux builds, and GitGuardian passed. All four macOS shards and the aggregate were cancelled; the run has no exact-head failure, but it is not terminal green. The superseded 74843fae4 run reached terminal 10/10 green after rerunning one macOS shard that hit the 35-minute infrastructure timeout.

A subsequent review found that Kimi wire.jsonl files could still auto-enable the global cost summary even though Kimi scanning defaults off. The fix and regression test are prepared locally at c630d484e; focused tests, make check, structured autoreview, 44/44 full shards, and packaging pass. It remains intentionally unpublished until the clear-wave runner-capacity gate is lifted, so the review thread and fresh exact-head CI remain outstanding.

No real Kimi Code credential, Kimi local sessions, or Pi Kimi session records are available in the authorized test environment. Therefore the API response shape, fresh CLI-credential reuse, expired-credential remediation, and rendered real-account values do not yet have exact live proof.

Landing decision

Recommendation: hold; do not merge yet. The file-ownership/security decision is resolved with read-only CLI credentials. Two gates remain:

  1. Publish and verify the opt-in fix. Push the locally prepared global-default regression fix only after runner capacity is released, reply to and resolve the review thread after publication, then obtain fresh exact-head terminal-green CI.
  2. Live proof. Exercise API-key usage, fresh OAuth reuse, expired-credential remediation, real Kimi Code wire.jsonl, and real Pi Kimi records; verify account identity/plan isolation and fetch latency with redacted output.

The prior #1797 overlap is resolved in this rewritten head. No changelog entry is included on the contributor branch; the maintainer should add one with contributor thanks only if the live proof gate is cleared and the PR is landed.

@clawsweeper

clawsweeper Bot commented Jun 26, 2026

Copy link
Copy Markdown

Codex review: needs real behavior proof before merge. Reviewed July 1, 2026, 11:25 AM ET / 15:25 UTC.

Summary
The PR adds Kimi Code OAuth credential reuse, Kimi/local Pi token-cost scanning, Kimi tier/source display, settings toggles, cache invalidation, docs, and tests.

Reproducibility: yes. for the review finding: exact head docs say CodexBar refreshes expired Kimi Code credentials while the implementation and tests keep expired credentials read-only. The remaining live-provider behavior is not reproducible here because no real Kimi credential or session data was provided.

Review metrics: 2 noteworthy metrics.

  • Diff surface: 36 files, +2103/-173. The PR spans auth, settings, cache schema, local scanners, CLI output, docs, and tests, so fixture coverage alone is not enough merge evidence.
  • Live Kimi proof: 0 real credential/session sources. The PR body explicitly says no real Kimi Code credential, Kimi local session, or Pi Kimi records were available.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🦐 gold shrimp
Result: blocked until real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • [P1] Add redacted live proof for API-key usage, fresh OAuth reuse, expired-credential remediation, Kimi Code wire.jsonl scanning, and Pi Kimi records.
  • Update docs/kimi.md so expired CLI-owned credentials require Kimi CLI re-authentication or KIMI_CODE_API_KEY rather than claiming CodexBar refreshes them.

Proof guidance:

  • [P1] Needs real behavior proof before merge: The PR body explicitly says no real Kimi Code credential, local sessions, or Pi Kimi records were available, so it needs redacted terminal output, logs, screenshots, recordings, or linked artifacts before merge. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

  • [P1] The PR body still says no real Kimi Code credential, local Kimi sessions, or Pi Kimi records were available, so live API/OAuth response shape, provider isolation, and rendered values are unproven.
  • [P1] Merging changes Kimi auth/source behavior and local cost-source defaults; current tests cover stubs and upgrade defaults but not a real account or real session tree.
  • [P1] The docs still describe expired CLI credential refresh even though the code now intentionally routes expired CLI-owned credentials to re-authentication or an explicit API key.

Maintainer options:

  1. Require live Kimi proof before merge (recommended)
    Exercise the real API-key, fresh OAuth, expired-credential, Kimi Code session, and Pi Kimi paths with redacted output before landing this provider behavior change.
  2. Accept unproven provider behavior
    Maintainers can intentionally merge without live Kimi evidence, but that owns the risk that real account contracts or session layouts differ from the tested fixtures.
  3. Pause until a Kimi account is available
    If no one can provide redacted live proof, hold the PR rather than shipping a broad auth and usage-reporting path based only on fixtures.

Next step before merge

  • [P1] Human follow-up is needed because live Kimi credentials/session records must be proven outside automation; the docs mismatch is small but should be fixed before merge.

Security
Cleared: The latest head keeps expired CLI credentials read-only and blocks forwarding CLI-owned credentials to endpoint overrides; no concrete security or supply-chain defect was found.

Review findings

  • [P2] Align OAuth docs with read-only credentials — docs/kimi.md:57-58
Review details

Best possible solution:

Land after the docs match the read-only expired-credential behavior and a maintainer or contributor adds redacted real Kimi proof for API-key usage, fresh OAuth reuse, expired-credential remediation, Kimi Code wire.jsonl scanning, and Pi Kimi records.

Do we have a high-confidence way to reproduce the issue?

Yes for the review finding: exact head docs say CodexBar refreshes expired Kimi Code credentials while the implementation and tests keep expired credentials read-only. The remaining live-provider behavior is not reproducible here because no real Kimi credential or session data was provided.

Is this the best way to solve the issue?

No; the implementation direction looks maintainable after the read-only credential change, but the branch should align its docs and add redacted live proof before merge.

Full review comments:

  • [P2] Align OAuth docs with read-only credentials — docs/kimi.md:57-58
    This section still says CodexBar refreshes an expired Kimi Code credential through the OAuth token endpoint, but the latest implementation intentionally keeps the CLI-owned credential file read-only and routes expired files to CLI re-authentication or an explicit API key. Users with expired CLI credentials would follow the wrong troubleshooting path unless this text is updated.
    Confidence: 0.91

Overall correctness: patch is incorrect
Overall confidence: 0.88

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against 2980728d5314.

Label changes

Label justifications:

  • P2: This is a substantial provider improvement with limited blast radius, but it is not a shipped urgent regression.
  • merge-risk: 🚨 compatibility: The branch changes settings defaults, cache versions, source toggles, and Kimi credential behavior for users upgrading with existing local data.
  • merge-risk: 🚨 auth-provider: The branch adds Kimi OAuth credential reuse, identity headers, endpoint-override safeguards, and expired-credential routing that need real-provider proof.
  • rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🦐 gold shrimp.
  • status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: The PR body explicitly says no real Kimi Code credential, local sessions, or Pi Kimi records were available, so it needs redacted terminal output, logs, screenshots, recordings, or linked artifacts before merge. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.
Evidence reviewed

What I checked:

  • AGENTS policy read: Read the full target AGENTS.md; provider data siloing, avoiding unrequested live credential probes, and not blocking on release-owned changelog edits affected this review. (AGENTS.md:1, 2980728d5314)
  • Current main lacks central feature: Current main still marks Kimi token cost unsupported and only resolves KIMI_CODE_API_KEY, so the central PR work is not already implemented on main. (Sources/CodexBarCore/Providers/Kimi/KimiProviderDescriptor.swift:30, 2980728d5314)
  • Current main CLI cost excludes Kimi: The current CLI cost command supports only Claude and Codex, confirming Kimi local-cost reporting is still unique to this branch. (Sources/CodexBarCLI/CLICostCommand.swift:6, 2980728d5314)
  • Latest head keeps expired credentials read-only: PR-head tests assert expired Kimi Code OAuth credentials return no access token, keep the credential file byte-for-byte unchanged, and allow explicit API keys instead. (Tests/CodexBarTests/KimiProviderTests.swift:200, ecc2ccecfcf4)
  • Docs contradict latest credential policy: PR-head docs still say CodexBar refreshes an expired Kimi Code credential through the OAuth token endpoint, which conflicts with the read-only expired-credential implementation and tests. (docs/kimi.md:57, ecc2ccecfcf4)
  • Proof gap is explicit in PR body: The PR body states no real Kimi Code credential, local Kimi sessions, or Pi Kimi session records are available in the authorized test environment, leaving live API/OAuth/session behavior unproven. (ecc2ccecfcf4)

Likely related people:

  • steipete: Current-main Kimi provider files and Pi session cost scanner history primarily trace to Peter Steinberger, and the latest PR-head maintainer fixes are authored by steipete. (role: recent area contributor; confidence: high; commits: 5f4e47793660, 004422130c02, 6e72d426f42d; files: Sources/CodexBarCore/Providers/Kimi/KimiProviderDescriptor.swift, Sources/CodexBarCore/Providers/Kimi/KimiSettingsReader.swift, Sources/CodexBarCore/PiSessionCostScanner.swift)
  • Derek Zeng: Recent CLI usage history includes OAuth/source isolation work in the same CLI preflight surface touched by the Kimi non-macOS gate. (role: adjacent owner; confidence: medium; commits: 3bc978114747; files: Sources/CodexBarCLI/CLIUsageCommand.swift)
  • dstier-git: The PR is rebased over the merged cost-accounting/cache-invalidation work from the related cost PR, which overlaps the cache and cost-reporting surface. (role: adjacent cost-cache contributor; confidence: medium; commits: e71db5e47a07, 306cf96787f0; files: Sources/CodexBarCore/CostUsageFetcher.swift, Sources/CodexBarCore/PiSessionCostCache.swift, Tests/CodexBarTests/CostUsageFetcherTests.swift)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

public let sessionRequests: Int?
public let last30DaysTokens: Int?
public let last30DaysCostUSD: Double?
public let last30DaysRequests: Int?

P2 Badge Populate request totals before exposing them

The new request fields stay nil for every CostUsageTokenSnapshot built through CostUsageFetcher.tokenSnapshot: that factory only derives tokens/cost and calls this initializer without sessionRequests or last30DaysRequests. In practice the Kimi Code scanner can put requestCount on daily entries, but the menu/dashboard paths that read snapshot.last30DaysRequests never see it, so request counts are dropped from the reported Kimi usage. Derive these values from sessionEntry.requestCount and the daily entries when constructing the snapshot.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBarCore/Providers/Kimi/KimiUsageSnapshot.swift
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. labels Jun 26, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b21d056568

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBarCore/Providers/Kimi/KimiSettingsReader.swift Outdated
Comment thread Sources/CodexBarCore/CostUsageFetcher.swift
@clawsweeper clawsweeper Bot added rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. and removed rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. labels Jun 26, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5a3a4ebdd0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBarCore/PiSessionCostScanner.swift
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. and removed rating: 🦪 silver shellfish Thin PR readiness signal; proof, validation, or implementation needs work. labels Jun 26, 2026
@Leechael

Copy link
Copy Markdown
Contributor Author

@clawsweeper re-review

@clawsweeper

clawsweeper Bot commented Jun 27, 2026

Copy link
Copy Markdown

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@Leechael Leechael force-pushed the kimi-code-oauth-credentials branch from 9f4fc8f to 7059706 Compare June 29, 2026 13:11

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 84640a3768

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBarCore/Providers/Kimi/KimiSettingsReader.swift Outdated
Comment thread Sources/CodexBarCore/PiSessionCostScanner.swift

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3b79341e18

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBarCore/PiSessionCostScanner.swift
@steipete steipete force-pushed the kimi-code-oauth-credentials branch from 3b79341 to 732897f Compare July 1, 2026 10:32

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 732897f13d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBarCore/Providers/Kimi/KimiProviderDescriptor.swift Outdated
Comment thread Sources/CodexBarCore/Providers/Kimi/KimiUsageSnapshot.swift Outdated
@steipete steipete force-pushed the kimi-code-oauth-credentials branch from 732897f to 0ca2a2e Compare July 1, 2026 11:05

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: df1a1d1666

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBar/Providers/Kimi/KimiProviderImplementation.swift Outdated
Comment thread Sources/CodexBar/SettingsStore.swift Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 74843fae4e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread Sources/CodexBarCore/Providers/Kimi/KimiProviderDescriptor.swift Outdated
Comment thread Sources/CodexBarCore/Providers/Kimi/KimiSettingsReader.swift Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ecc2ccecfc

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +125 to +126
for case let url as URL in enumerator where url.lastPathComponent == "wire.jsonl" {
return true

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Don't auto-enable cost history from disabled Kimi logs

Fresh evidence after the opt-in fix: loadCostDefaults now persists tokenCostKimiCodeSessionsEnabled as false, but this detector still returns true when a fresh install has only Kimi wire.jsonl files. applyTokenCostDefaultIfNeeded() then silently enables the global cost summary even though the Kimi source remains disabled, so the first refresh can show “No local Kimi Code session usage found” despite those files being the only reason the feature was enabled; skip Kimi here until the Kimi source is explicitly enabled, or don't use it for the global auto-default.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. P2 Normal priority bug or improvement with limited blast radius. rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants