Improve Kimi Code usage reporting #1762
Conversation
Codex review: needs real behavior proof before merge. Reviewed July 1, 2026, 11:25 AM ET / 15:25 UTC.

Summary
Reproducibility: yes. Review metrics: 2 noteworthy metrics.

Merge readiness
Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Review details
Best possible solution: Land after the docs match the read-only expired-credential behavior and a maintainer or contributor adds redacted real Kimi proof for API-key usage, fresh OAuth reuse, expired-credential remediation, Kimi Code wire.jsonl scanning, and Pi Kimi records.
Do we have a high-confidence way to reproduce the issue? Yes for the review finding: exact head docs say CodexBar refreshes expired Kimi Code credentials while the implementation and tests keep expired credentials read-only. The remaining live-provider behavior is not reproducible here because no real Kimi credential or session data was provided.
Is this the best way to solve the issue? No; the implementation direction looks maintainable after the read-only credential change, but the branch should align its docs and add redacted live proof before merge.
Overall correctness: patch is incorrect. AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 2980728d5314.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.
💡 Codex Review
CodexBar/Sources/CodexBarCore/CostUsageModels.swift
Lines 6 to 9 in 746c496
The new request fields stay nil for every CostUsageTokenSnapshot built through CostUsageFetcher.tokenSnapshot: that factory only derives tokens/cost and calls this initializer without sessionRequests or last30DaysRequests. In practice the Kimi Code scanner can put requestCount on daily entries, but the menu/dashboard paths that read snapshot.last30DaysRequests never see it, so request counts are dropped from the reported Kimi usage. Derive these values from sessionEntry.requestCount and the daily entries when constructing the snapshot.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b21d056568
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5a3a4ebdd0
@clawsweeper re-review
🦞🧹 I asked ClawSweeper to review this item again.
Force-pushed 9f4fc8f to 7059706.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 84640a3768
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3b79341e18
Force-pushed 3b79341 to 732897f.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 732897f13d
Force-pushed 732897f to 0ca2a2e.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: df1a1d1666
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 74843fae4e
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ecc2ccecfc
    for case let url as URL in enumerator where url.lastPathComponent == "wire.jsonl" {
        return true
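Review bot: the match here is on the file name alone (url.lastPathComponent == "wire.jsonl"), so the first file with that name anywhere under the enumerated root returns true, and nothing in these two lines consults whether the Kimi Code source is enabled; since this result feeds the global cost-summary auto-default, gate the `return true` on the Kimi source toggle (or leave Kimi out of this detector entirely) so a disabled source cannot switch the summary on, and cover it with a regression test whose fixture contains only wire.jsonl files.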
Don't auto-enable cost history from disabled Kimi logs
Fresh evidence after the opt-in fix: loadCostDefaults now persists tokenCostKimiCodeSessionsEnabled as false, but this detector still returns true when a fresh install has only Kimi wire.jsonl files. applyTokenCostDefaultIfNeeded() then silently enables the global cost summary even though the Kimi source remains disabled, so the first refresh can show “No local Kimi Code session usage found” despite those files being the only reason the feature was enabled; skip Kimi here until the Kimi source is explicitly enabled, or don't use it for the global auto-default.
Summary
Improves Kimi Code usage reporting while keeping Kimi Code separate from Moonshot, Kimi K2, and generic Kimi API providers.
- ~/.kimi-code/credentials/kimi-code.json in auto mode and reports the active source; expired CLI-owned credentials remain read-only and require CLI re-authentication or an explicit API key.
- wire.jsonl and Pi Kimi session usage behind settings toggles.
- kimi out of Kimi Code accounting; only Kimi Code-specific provider IDs qualify.

Maintainer audit
Exact head: ecc2ccecf. Rebased onto main at 129f6962e, including the landed #1797 cost-accounting/cache-invalidation work and the subsequent widget fix. Later unrelated mainline drift is intentionally preserved while the PR remains mergeable. Contributor authorship remains preserved across the rewritten stack, beginning at 021e5004c.

Maintainer fixes close eight correctness/security gaps found during review:
- KIMI_CODE_BASE_URL, KIMI_CODE_OAUTH_HOST, or KIMI_OAUTH_HOST overrides are present. Endpoint overrides require an explicit API key.
- kimi is no longer attributed to Kimi Code.
- CostUsageSourceOptions() keeps the existing Pi-session default enabled; the new Kimi source remains disabled by default at the core API boundary. The Pi cache schema is bumped so old attribution is not reused.
- kimi-code.json, including on non-macOS CLI paths.
- /coding/v1/usages and /coding/v1/models; explicit API keys remain unchanged.
- false); an existing explicit choice remains unchanged.
- CodexBar does not rewrite the CLI-owned credential payload, so unknown fields, permissions, and rotating refresh tokens remain exclusively owned by Kimi Code.
Upstream contract evidence
The implementation follows current official Kimi Code contracts at 62999caca3b56d865bb44f1f0336bff942765d94:
- usage.record write and scope contract: current upstream records normal model calls as turn and real compaction model calls as session; both are additive usage. The scanner therefore correctly includes both scopes rather than dropping compaction cost.

Privacy and provider isolation
Local scanning aggregates token-usage records; CodexBar does not display raw prompts. Quota and plan data remain Kimi-sourced. Local model-cost values are estimates, not authoritative subscription billing. CLI credential reuse is disabled for custom API/OAuth hosts, preventing CLI-owned credentials from crossing origins.
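As an added example (not code from this PR or from CodexBar), the scanner behaviour the upstream-contract passage and the Codex comment on CostUsageModels.swift describe, in one piece: it reads constructed wire.jsonl lines, sums usage.record entries of both turn and session scope per day while skipping everything else, and then derives sessionRequests and last30DaysRequests from the daily requestCount values when building the snapshot, which is the derivation the Codex comment asks for. The record field names (type, scope, timestamp, usage.input_tokens, usage.output_tokens), the DailyUsage and CostUsageTokenSnapshot shapes, the per-record request counting, and the sample lines are all assumptions; only the usage.record type and the turn/session scopes come from the page. Only the numeric usage fields are read, so no prompt content passes through the scanner.

```swift
import Foundation

// Hypothetical model types that mirror the names used in the review;
// the real CodexBar definitions are not reproduced here.
struct DailyUsage {
    let day: String          // "YYYY-MM-DD"
    var inputTokens: Int = 0
    var outputTokens: Int = 0
    var requestCount: Int = 0
}

struct CostUsageTokenSnapshot {
    let sessionTokens: Int
    let sessionRequests: Int?
    let last30DaysTokens: Int
    let last30DaysRequests: Int?
}

/// Aggregates `usage.record` lines from wire.jsonl text per day.
/// `turn` (normal model call) and `session` (real compaction call) are both
/// additive, so both are summed; other types, other scopes and malformed
/// lines are skipped. Only the numeric usage fields are read.
func scanWireLog(_ text: String) -> [DailyUsage] {
    var byDay: [String: DailyUsage] = [:]
    for rawLine in text.split(separator: "\n", omittingEmptySubsequences: true) {
        guard let data = String(rawLine).data(using: .utf8),
              let obj = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
              obj["type"] as? String == "usage.record",
              let scope = obj["scope"] as? String, scope == "turn" || scope == "session",
              let timestamp = obj["timestamp"] as? String, timestamp.count >= 10,
              let usage = obj["usage"] as? [String: Any]
        else { continue }
        let day = String(timestamp.prefix(10))
        var entry = byDay[day] ?? DailyUsage(day: day)
        entry.inputTokens += usage["input_tokens"] as? Int ?? 0
        entry.outputTokens += usage["output_tokens"] as? Int ?? 0
        entry.requestCount += 1   // assumption: one usage.record == one model call
        byDay[day] = entry
    }
    return byDay.values.sorted { $0.day < $1.day }
}

/// Returns the "YYYY-MM-DD" string `n` days before `day` (UTC), or nil if unparsable.
func dayString(daysBefore n: Int, from day: String) -> String? {
    let f = DateFormatter()
    f.dateFormat = "yyyy-MM-dd"
    f.timeZone = TimeZone(identifier: "UTC")
    f.locale = Locale(identifier: "en_US_POSIX")
    guard let d = f.date(from: day) else { return nil }
    return f.string(from: d.addingTimeInterval(-Double(n) * 86_400))
}

/// Builds the snapshot the menu/dashboard read. The defect the review points
/// at is a factory that never passes the request fields, leaving them nil;
/// here they are derived from the session entry and the daily entries.
func tokenSnapshot(daily: [DailyUsage], sessionEntry: DailyUsage?, today: String) -> CostUsageTokenSnapshot {
    let cutoff = dayString(daysBefore: 30, from: today) ?? today
    let window = daily.filter { $0.day > cutoff && $0.day <= today }
    let tokens = window.reduce(0) { $0 + $1.inputTokens + $1.outputTokens }
    let requests = window.reduce(0) { $0 + $1.requestCount }
    return CostUsageTokenSnapshot(
        sessionTokens: (sessionEntry?.inputTokens ?? 0) + (sessionEntry?.outputTokens ?? 0),
        sessionRequests: sessionEntry?.requestCount,
        last30DaysTokens: tokens,
        last30DaysRequests: window.isEmpty ? nil : requests)
}

// Constructed sample log: one record outside the 30-day window, a turn and a
// compaction (session) record on one day, a turn the next day, a non-usage
// event, an unknown scope, and a malformed line.
let sampleWireLog = """
{"type":"usage.record","scope":"turn","timestamp":"2026-05-20T08:00:00Z","usage":{"input_tokens":100,"output_tokens":10}}
{"type":"usage.record","scope":"turn","timestamp":"2026-06-30T09:12:00Z","usage":{"input_tokens":1200,"output_tokens":300}}
{"type":"usage.record","scope":"session","timestamp":"2026-06-30T09:40:00Z","usage":{"input_tokens":8000,"output_tokens":500}}
{"type":"usage.record","scope":"turn","timestamp":"2026-07-01T10:05:00Z","usage":{"input_tokens":900,"output_tokens":250}}
{"type":"tool.call","timestamp":"2026-07-01T10:06:00Z","name":"read_file"}
{"type":"usage.record","scope":"unknown","timestamp":"2026-07-01T10:07:00Z","usage":{"input_tokens":1,"output_tokens":1}}
not json at all
"""

let daily = scanWireLog(sampleWireLog)
let snapshot = tokenSnapshot(daily: daily, sessionEntry: daily.last, today: "2026-07-01")
print("days scanned:", daily.count)                                   // 3
print("last30DaysTokens:", snapshot.last30DaysTokens)                  // 11150 (compaction included)
print("last30DaysRequests:", snapshot.last30DaysRequests ?? -1)        // 3 (was nil before the fix)
print("sessionRequests:", snapshot.sessionRequests ?? -1)              // 1
```

Run it with `swift scanner.swift`. The 8000-token compaction record is what changes the 30-day total from 3150 to 11150, which is the cost that dropping the session scope would silently lose; the request fields are non-nil only because the factory derives them instead of relying on a caller that never passes them.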
Validation
Exact maintainer head: ecc2ccecf
- make check: passed (SwiftFormat + strict SwiftLint);
- make test: passed, 44/44 shards;
- origin/main;
- ./Scripts/package_app.sh: passed; packaged CodexBar.app;
- git diff --check origin/main...HEAD: passed;
- changes, lint, both Linux builds, and GitGuardian passed. All four macOS shards and the aggregate were cancelled; the run has no exact-head failure, but it is not terminal green. The superseded 74843fae4 run reached terminal 10/10 green after rerunning one macOS shard that hit the 35-minute infrastructure timeout.

A subsequent review found that Kimi wire.jsonl files could still auto-enable the global cost summary even though Kimi scanning defaults off. The fix and regression test are prepared locally at c630d484e; focused tests, make check, structured autoreview, 44/44 full shards, and packaging pass. It remains intentionally unpublished until the clear-wave runner-capacity gate is lifted, so the review thread and fresh exact-head CI remain outstanding.

No real Kimi Code credential, Kimi local sessions, or Pi Kimi session records are available in the authorized test environment. Therefore the API response shape, fresh CLI-credential reuse, expired-credential remediation, and rendered real-account values do not yet have exact live proof.
Landing decision
Recommendation: hold; do not merge yet. The file-ownership/security decision is resolved with read-only CLI credentials. Two gates remain:
- wire.jsonl, and real Pi Kimi records; verify account identity/plan isolation and fetch latency with redacted output.

The prior #1797 overlap is resolved in this rewritten head. No changelog entry is included on the contributor branch; the maintainer should add one with contributor thanks only if the live proof gate is cleared and the PR is landed.