Fix Qoder cookie routing gaps

Author: Yuxin-Qiao

Sources/CodexBar/MenuCardView.swift

@@ -1320,7 +1320,7 @@ extension UsageMenuCardView.Model {
             primaryDetailLeft = detail
         }
         if input.provider == .warp || input.provider == .kilo || input.provider == .mimo || input.provider == .deepseek
-            || input.provider == .litellm,
+            || input.provider == .qoder || input.provider == .litellm,
             let detail = primary.resetDescription,
             !detail.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
         {
@@ -1345,7 +1345,7 @@ extension UsageMenuCardView.Model {
             primaryDetailText = detail
             if input.provider == .manus { primaryResetText = nil }
         }
-        if [.warp, .kilo, .mimo, .deepseek, .litellm].contains(input.provider), primary.resetsAt == nil {
+        if [.warp, .kilo, .mimo, .deepseek, .qoder, .litellm].contains(input.provider), primary.resetsAt == nil {
             primaryResetText = nil
         }
         // Abacus: show credits as detail, compute pace on the primary monthly window

Sources/CodexBarCLI/CLIRenderer.swift

@@ -350,6 +350,7 @@ enum CLIRenderer {
         lines: inout [String])
     {
         if provider == .warp || provider == .kilo || provider == .mistral || provider == .deepseek ||
+            provider == .qoder ||
             provider == .crof
         {
             if let reset = self.resetLineForDetailBackedWindow(window: window, style: context.resetStyle, now: now) {

Sources/CodexBarCLI/CLIUsageCommand.swift

@@ -592,6 +592,11 @@ extension CodexBarCLI {
         {
             return false
         }
+        if provider == .qoder,
+           settings?.qoder?.cookieSource == .manual
+        {
+            return false
+        }
         if provider == .ollama,
            sourceMode == .auto
         {

Sources/CodexBarCLI/TokenAccountCLI.swift

@@ -151,8 +151,6 @@ struct TokenAccountCLIContext {
         let cookieSettings = self.cookieSettings(provider: provider, account: account, config: config)
 
         switch provider {
-        case .cursor:
-            return self.makeSnapshot(cursor: self.makeProviderCookieSettings(cookieSettings))
         case .opencode:
             return self.makeSnapshot(
                 opencode: ProviderSettingsSnapshot.OpenCodeProviderSettings(
@@ -173,36 +171,14 @@ struct TokenAccountCLIContext {
                     cookieSource: cookieSettings.cookieSource,
                     manualCookieHeader: cookieSettings.manualCookieHeader,
                     apiRegion: self.resolveAlibabaCodingPlanRegion(config)))
-        case .alibabatokenplan:
-            return self.makeSnapshot(alibabaTokenPlan: self.makeProviderCookieSettings(cookieSettings))
-        case .factory:
-            return self.makeSnapshot(factory: self.makeProviderCookieSettings(cookieSettings))
         case .minimax:
             return self.makeSnapshot(
                 minimax: ProviderSettingsSnapshot.MiniMaxProviderSettings(
                     cookieSource: cookieSettings.cookieSource,
                     manualCookieHeader: cookieSettings.manualCookieHeader,
                     apiRegion: self.resolveMiniMaxRegion(config)))
-        case .manus:
-            return self.makeSnapshot(manus: self.makeProviderCookieSettings(cookieSettings))
-        case .augment:
-            return self.makeSnapshot(augment: self.makeProviderCookieSettings(cookieSettings))
-        case .amp:
-            return self.makeSnapshot(amp: self.makeProviderCookieSettings(cookieSettings))
-        case .ollama:
-            return self.makeSnapshot(ollama: self.makeProviderCookieSettings(cookieSettings))
-        case .kimi:
-            return self.makeSnapshot(kimi: self.makeProviderCookieSettings(cookieSettings))
-        case .perplexity:
-            return self.makeSnapshot(perplexity: self.makeProviderCookieSettings(cookieSettings))
-        case .mimo:
-            return self.makeSnapshot(mimo: self.makeProviderCookieSettings(cookieSettings))
         case .doubao:
             return nil
-        case .abacus:
-            return self.makeSnapshot(abacus: self.makeProviderCookieSettings(cookieSettings))
-        case .mistral:
-            return self.makeSnapshot(mistral: self.makeProviderCookieSettings(cookieSettings))
         case .stepfun:
             let stepfunSettings = self.cookieSettings(
                 provider: provider,
@@ -216,7 +192,45 @@ struct TokenAccountCLIContext {
                     username: config?.sanitizedAPIKey ?? "",
                     password: ""))
         default:
-            return nil
+            return self.makeGenericCookieBackedSnapshot(provider: provider, cookieSettings: cookieSettings)
+        }
+    }
+
+    private func makeGenericCookieBackedSnapshot(
+        provider: UsageProvider,
+        cookieSettings: ProviderSettingsSnapshot.CookieProviderSettings) -> ProviderSettingsSnapshot?
+    {
+        switch provider {
+        case .cursor:
+            self.makeSnapshot(cursor: self.makeProviderCookieSettings(cookieSettings))
+        case .commandcode:
+            self.makeSnapshot(commandcode: self.makeProviderCookieSettings(cookieSettings))
+        case .alibabatokenplan:
+            self.makeSnapshot(alibabaTokenPlan: self.makeProviderCookieSettings(cookieSettings))
+        case .factory:
+            self.makeSnapshot(factory: self.makeProviderCookieSettings(cookieSettings))
+        case .manus:
+            self.makeSnapshot(manus: self.makeProviderCookieSettings(cookieSettings))
+        case .augment:
+            self.makeSnapshot(augment: self.makeProviderCookieSettings(cookieSettings))
+        case .amp:
+            self.makeSnapshot(amp: self.makeProviderCookieSettings(cookieSettings))
+        case .ollama:
+            self.makeSnapshot(ollama: self.makeProviderCookieSettings(cookieSettings))
+        case .kimi:
+            self.makeSnapshot(kimi: self.makeProviderCookieSettings(cookieSettings))
+        case .perplexity:
+            self.makeSnapshot(perplexity: self.makeProviderCookieSettings(cookieSettings))
+        case .mimo:
+            self.makeSnapshot(mimo: self.makeProviderCookieSettings(cookieSettings))
+        case .abacus:
+            self.makeSnapshot(abacus: self.makeProviderCookieSettings(cookieSettings))
+        case .mistral:
+            self.makeSnapshot(mistral: self.makeProviderCookieSettings(cookieSettings))
+        case .qoder:
+            self.makeSnapshot(qoder: self.makeProviderCookieSettings(cookieSettings))
+        default:
+            nil
         }
     }
 
@@ -244,6 +258,7 @@ struct TokenAccountCLIContext {
         mimo: ProviderSettingsSnapshot.MiMoProviderSettings? = nil,
         abacus: ProviderSettingsSnapshot.AbacusProviderSettings? = nil,
         mistral: ProviderSettingsSnapshot.MistralProviderSettings? = nil,
+        qoder: ProviderSettingsSnapshot.QoderProviderSettings? = nil,
         stepfun: ProviderSettingsSnapshot.StepFunProviderSettings? = nil) -> ProviderSettingsSnapshot
     {
         ProviderSettingsSnapshot.make(
@@ -270,6 +285,7 @@ struct TokenAccountCLIContext {
             mimo: mimo,
             abacus: abacus,
             mistral: mistral,
+            qoder: qoder,
             stepfun: stepfun)
     }
 

Sources/CodexBarCore/Providers/Providers.swift

@@ -262,4 +262,14 @@ public enum ProviderBrowserCookieDefaults {
         nil
         #endif
     }
+
+    /// Qoder sessions are documented through Chrome cookie import. Keep automatic import narrow
+    /// so enabling this provider does not probe unrelated browser keychains.
+    public static var qoderCookieImportOrder: BrowserCookieImportOrder? {
+        #if os(macOS)
+        [.chrome]
+        #else
+        nil
+        #endif
+    }
 }

Sources/CodexBarCore/Providers/Qoder/QoderCookieImporter.swift

@@ -28,10 +28,26 @@ public enum QoderCookieImporter {
         browserDetection: BrowserDetection = BrowserDetection(),
         preferredBrowsers: [Browser] = [],
         logger: ((String) -> Void)? = nil) throws -> SessionInfo
+    {
+        guard let session = try self.importSessions(
+            browserDetection: browserDetection,
+            preferredBrowsers: preferredBrowsers,
+            logger: logger).first
+        else {
+            throw QoderUsageError.missingCredentials
+        }
+        return session
+    }
+
+    public static func importSessions(
+        browserDetection: BrowserDetection = BrowserDetection(),
+        preferredBrowsers: [Browser] = [],
+        logger: ((String) -> Void)? = nil) throws -> [SessionInfo]
     {
         let installedBrowsers = preferredBrowsers.isEmpty
             ? self.cookieImportOrder.cookieImportCandidates(using: browserDetection)
             : preferredBrowsers.cookieImportCandidates(using: browserDetection)
+        var sessions: [SessionInfo] = []
 
         for browserSource in installedBrowsers {
             do {
@@ -44,7 +60,7 @@ public enum QoderCookieImporter {
                     let cookies = BrowserCookieClient.makeHTTPCookies(source.records, origin: query.origin)
                     guard !cookies.isEmpty else { continue }
                     self.emit("Found \(cookies.count) cookies in \(source.label)", logger: logger)
-                    return SessionInfo(cookies: cookies, sourceLabel: source.label)
+                    sessions.append(SessionInfo(cookies: cookies, sourceLabel: source.label))
                 }
             } catch {
                 BrowserCookieAccessGate.recordIfNeeded(error)
@@ -54,7 +70,10 @@ public enum QoderCookieImporter {
             }
         }
 
-        throw QoderUsageError.missingCredentials
+        guard !sessions.isEmpty else {
+            throw QoderUsageError.missingCredentials
+        }
+        return sessions
     }
 
     private static func emit(_ message: String, logger: ((String) -> Void)?) {

Sources/CodexBarCore/Providers/Qoder/QoderProviderDescriptor.swift

@@ -20,7 +20,7 @@ public enum QoderProviderDescriptor {
                 defaultEnabled: false,
                 isPrimaryProvider: false,
                 usesAccountFallback: false,
-                browserCookieOrder: ProviderBrowserCookieDefaults.defaultImportOrder,
+                browserCookieOrder: ProviderBrowserCookieDefaults.qoderCookieImportOrder,
                 dashboardURL: "https://qoder.com/account/usage",
                 statusPageURL: nil,
                 statusLinkURL: nil),
@@ -46,7 +46,11 @@ struct QoderWebFetchStrategy: ProviderFetchStrategy {
     let kind: ProviderFetchKind = .web
 
     func isAvailable(_ context: ProviderFetchContext) async -> Bool {
-        guard context.settings?.qoder?.cookieSource != .off else { return false }
+        let cookieSource = context.settings?.qoder?.cookieSource ?? .auto
+        guard cookieSource != .off else { return false }
+        if cookieSource == .manual {
+            return CookieHeaderNormalizer.normalize(context.settings?.qoder?.manualCookieHeader) != nil
+        }
         #if os(macOS)
         return true
         #else
@@ -55,26 +59,35 @@ struct QoderWebFetchStrategy: ProviderFetchStrategy {
     }
 
     func fetch(_ context: ProviderFetchContext) async throws -> ProviderFetchResult {
-        #if os(macOS)
         let cookieSource = context.settings?.qoder?.cookieSource ?? .auto
+        var attemptedSourceLabel: String?
         do {
-            let (cookieHeader, sourceLabel) = try Self.resolveCookieHeader(context: context, allowCached: true)
-            let snapshot = try await QoderUsageFetcher.fetchUsage(cookieHeader: cookieHeader)
+            let (cookieHeader, sourceLabel) = try Self.resolveCookieHeader(
+                context: context,
+                allowCached: true,
+                skippingSourceLabel: nil)
+            attemptedSourceLabel = sourceLabel
+            let snapshot = try await QoderUsageFetcher.fetchUsage(
+                cookieHeader: cookieHeader,
+                timeout: context.webTimeout)
             return self.makeResult(usage: snapshot.toUsageSnapshot(), sourceLabel: sourceLabel)
         } catch QoderUsageError.invalidCredentials where cookieSource != .manual {
             CookieHeaderCache.clear(provider: .qoder)
-            let (cookieHeader, sourceLabel) = try Self.resolveCookieHeader(context: context, allowCached: false)
-            let snapshot = try await QoderUsageFetcher.fetchUsage(cookieHeader: cookieHeader)
+            let (cookieHeader, sourceLabel) = try Self.resolveCookieHeader(
+                context: context,
+                allowCached: false,
+                skippingSourceLabel: attemptedSourceLabel)
+            let snapshot = try await QoderUsageFetcher.fetchUsage(
+                cookieHeader: cookieHeader,
+                timeout: context.webTimeout)
             return self.makeResult(usage: snapshot.toUsageSnapshot(), sourceLabel: sourceLabel)
         }
-        #else
-        throw QoderUsageError.missingCredentials
-        #endif
     }
 
     private static func resolveCookieHeader(
         context: ProviderFetchContext,
-        allowCached: Bool) throws -> (cookieHeader: String, sourceLabel: String)
+        allowCached: Bool,
+        skippingSourceLabel: String?) throws -> (cookieHeader: String, sourceLabel: String)
     {
         if context.settings?.qoder?.cookieSource == .manual {
             guard let manual = CookieHeaderNormalizer.normalize(context.settings?.qoder?.manualCookieHeader) else {
@@ -86,17 +99,24 @@ struct QoderWebFetchStrategy: ProviderFetchStrategy {
         #if os(macOS)
         if allowCached,
            let cached = CookieHeaderCache.load(provider: .qoder),
-           !cached.cookieHeader.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty
+           !cached.cookieHeader.trimmingCharacters(in: .whitespacesAndNewlines).isEmpty,
+           shouldUseSourceLabel(cached.sourceLabel, skipping: skippingSourceLabel)
         {
-            return (cached.cookieHeader, "cached")
+            return (cached.cookieHeader, cached.sourceLabel)
         }
 
-        let session: QoderCookieImporter.SessionInfo
+        let sessions: [QoderCookieImporter.SessionInfo]
         do {
-            session = try QoderCookieImporter.importSession(browserDetection: context.browserDetection)
+            sessions = try QoderCookieImporter.importSessions(browserDetection: context.browserDetection)
         } catch {
             throw QoderUsageError.missingCredentials
         }
+        guard let session = sessions.first(where: { Self.shouldUseSourceLabel(
+            $0.sourceLabel,
+            skipping: skippingSourceLabel) })
+        else {
+            throw QoderUsageError.missingCredentials
+        }
         guard !session.cookies.isEmpty else {
             throw QoderUsageError.missingCredentials
         }
@@ -110,6 +130,11 @@ struct QoderWebFetchStrategy: ProviderFetchStrategy {
         #endif
     }
 
+    private static func shouldUseSourceLabel(_ sourceLabel: String, skipping skippedLabel: String?) -> Bool {
+        guard let skippedLabel else { return true }
+        return sourceLabel != skippedLabel
+    }
+
     func shouldFallback(on _: Error, context _: ProviderFetchContext) -> Bool {
         false
     }

Sources/CodexBarCore/Providers/Qoder/QoderUsageFetcher.swift

@@ -6,7 +6,6 @@ import FoundationNetworking
 public enum QoderUsageFetcher {
     private static let log = CodexBarLog.logger(LogCategories.qoderUsage)
     private static let usageURL = URL(string: "https://qoder.com/api/v2/me/usages/big_model_credits")!
-    private static let requestTimeoutSeconds: TimeInterval = 15
     private static let webOrigin = "https://qoder.com"
     private static let userAgent =
         "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) " +
@@ -15,19 +14,21 @@ public enum QoderUsageFetcher {
     public static func fetchUsage(
         cookieHeader: String,
         transport: any ProviderHTTPTransport = ProviderHTTPClient.shared,
-        now: Date = Date()) async throws -> QoderUsageSnapshot
+        now: Date = Date(),
+        timeout: TimeInterval = 15) async throws -> QoderUsageSnapshot
     {
-        let data = try await self.send(cookieHeader: cookieHeader, transport: transport)
+        let data = try await self.send(cookieHeader: cookieHeader, transport: transport, timeout: timeout)
         return try self.parseUsage(data: data, now: now)
     }
 
     private static func send(
         cookieHeader: String,
-        transport: any ProviderHTTPTransport) async throws -> Data
+        transport: any ProviderHTTPTransport,
+        timeout: TimeInterval) async throws -> Data
     {
         var request = URLRequest(url: self.usageURL)
         request.httpMethod = "GET"
-        request.timeoutInterval = self.requestTimeoutSeconds
+        request.timeoutInterval = timeout
         request.setValue(cookieHeader, forHTTPHeaderField: "Cookie")
         request.setValue("application/json, text/plain, */*", forHTTPHeaderField: "Accept")
         request.setValue("en-US,en;q=0.9", forHTTPHeaderField: "Accept-Language")

Tests/CodexBarTests/CLIEntryTests.swift

@@ -377,6 +377,20 @@ final class CLIEntryTests: XCTestCase {
                 commandcode: .init(
                     cookieSource: .auto,
                     manualCookieHeader: nil))))
+        XCTAssertFalse(CodexBarCLI.sourceModeRequiresWebSupport(
+            .web,
+            provider: .qoder,
+            settings: ProviderSettingsSnapshot.make(
+                qoder: .init(
+                    cookieSource: .manual,
+                    manualCookieHeader: "sid=manual"))))
+        XCTAssertTrue(CodexBarCLI.sourceModeRequiresWebSupport(
+            .web,
+            provider: .qoder,
+            settings: ProviderSettingsSnapshot.make(
+                qoder: .init(
+                    cookieSource: .auto,
+                    manualCookieHeader: nil))))
         XCTAssertTrue(CodexBarCLI.sourceModeRequiresWebSupport(
             .auto,
             provider: .opencode,