[codex] Add Codex reset credit menu

[brahimhamichan]

Summary

• Add Codex reset credit fetching and consumption through the existing Codex OAuth usage flow.
• Show a native Codex menu item with available reset count, next-expiry subtitle, per-credit submenu rows, and a Use Reset action.
• Show reset submenu/settings rows with time remaining plus absolute expiry date.
• Add the Codex reset bank to Providers > Codex settings with available count, next expiry, reset rows, and Use Reset.
• Post expiry notifications for available reset credits expiring within three days.

Why

Codex exposes banked manual rate-limit resets locally through the same authenticated account context. CodexBar can surface those credits beside existing Codex usage data instead of requiring a separate watcher app.

Validation

• swift test --filter CodexResetCreditsMenuCardTests
• swift test --filter CodexRateLimitResetCreditsTests
• swift test --filter CodexResetCreditExpiryNotifierTests
• swift test --filter UserFacingLocalizationCoverageTests
• git diff --check
• ./Scripts/compile_and_run.sh
• Manually verified live menu, reset-credit submenu countdown rows, and Providers > Codex settings reset bank on macOS

Notes

Draft PR for review only.

[clawsweeper]

Codex review: needs changes before merge. Reviewed June 23, 2026, 12:29 AM ET / 04:29 UTC.

Summary
The PR adds Codex reset-credit fetching, native menu/settings reset-bank UI, credit consumption, expiry notifications, localizations, and focused tests.

Reproducibility: yes. Source inspection gives a high-confidence path: build a Codex model with positive codexResetCredits and no primary/secondary windows, then the PR's layout predicates classify the card as header-only and skip reset-credit content.

Review metrics: 2 noteworthy metrics.

• Changed surface: 44 files, +1084/-96. The feature spans provider auth, menu/settings UI, localizations, and tests, so review should cover more than the visible button.
• Account-spending paths: 1 consume endpoint, 2 UI entry points. Both the menu and settings Use Reset paths can spend one finite provider-side Codex credit.

Merge readiness
Overall: 🦐 gold shrimp
Proof: 🦞 diamond lobster ✨ media proof bonus
Patch quality: 🦐 gold shrimp
Result: needs maintainer review before merge.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P2] Restore reset credits in the usage-content and stacked-layout predicates and add a focused reset-only menu-card regression test.
• Get explicit maintainer acceptance for spending finite Codex reset credits from the app.

Mantis proof suggestion
A short macOS visual proof would help maintainers verify the native menu/settings reset-bank and destructive confirmation flow after the layout fix. A maintainer can ask Mantis to capture proof by posting this exact PR comment:

@openclaw-mantis visual task: verify CodexBar shows Codex reset credits in the menu/settings and that Use Reset shows confirmation before the reset count decreases.

Risk before merge

• [P1] The PR adds a UI action that spends a finite Codex provider-side reset credit, so maintainers still need to explicitly accept the account-affecting UX and auth-provider semantics.
• [P1] Validation commands were not run in this read-only review; the assessment relies on source inspection, PR-provided validation, and inspected screenshots.

Maintainer options:

1. Restore Reset-Only Display First (recommended)
   Put codexResetCredits back into the usage-content and stacked-layout predicates after the presentation rename, and add a reset-only menu-card regression test before merge.
2. Accept The Confirmed Spend Flow
   A maintainer can explicitly accept the account-affecting reset-credit consume UX once the layout regression is fixed.
3. Pause If Display-Only Is Preferred
   If CodexBar should not spend provider-side reset credits, pause or close this PR and keep the feature request for product direction.

Copy recommended automerge instruction

@clawsweeper automerge

Special instructions:
Restore codexResetCredits in hasUsageContent and usesStackedDetailLayout after the presentation rename, and add a CodexResetCreditsMenuCardTests reset-only snapshot regression. Do not change redemption behavior or CHANGELOG.md.

Next step before merge

• [P2] Automated repair can address the concrete layout regression; maintainer approval of provider-spend semantics remains separate.

Security
Cleared: No concrete supply-chain or credential-boundary regression was found; the auth-sensitive changes use existing Codex OAuth token storage and scoped account headers.

Review findings

• [P2] Keep reset-only credits in the usage card layout — Sources/CodexBar/MenuCardView+ModelHelpers.swift:64-77

Review details

Best possible solution:

Restore reset-only display compatibility, keep the scoped OAuth redemption path, and land only after maintainer sign-off on the finite-credit confirmation UX.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection gives a high-confidence path: build a Codex model with positive codexResetCredits and no primary/secondary windows, then the PR's layout predicates classify the card as header-only and skip reset-credit content.

Is this the best way to solve the issue?

No. The PR should keep codexResetCredits in the same usage-content and stacked-layout predicates that current main uses, with a regression test for reset-only snapshots.

Full review comments:

• [P2] Keep reset-only credits in the usage card layout — Sources/CodexBar/MenuCardView+ModelHelpers.swift:64-77
  Current main supports a Codex OAuth result with no rate-limit windows but positive reset credits, and it counts those credits as usage/stacked content so the card renders them. This patch removes codexResetCredits from both layout predicates while leaving the reset-credit view inside UsageMenuCardUsageContentView, so that reset-only state becomes a header-only card and hides the reset bank.
  Confidence: 0.9

Overall correctness: patch is incorrect
Overall confidence: 0.9

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against ef8007fc16ce.

Label changes

Label changes:

• add merge-risk: 🚨 compatibility: The PR removes reset credits from current layout predicates and can hide reset-only credits that current main intentionally renders.
• add rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🦞 diamond lobster and patch quality is 🦐 gold shrimp.
• add status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (screenshot): Inspected screenshots show the Codex menu/settings reset bank and a before/after Use Reset flow where the available count drops from 3 to 2.
• remove status: 👀 ready for maintainer look: Current PR status label is status: ⏳ waiting on author.
• remove rating: 🐚 platinum hermit: Current PR rating is rating: 🦐 gold shrimp, so this older rating label is no longer current.

Label justifications:

• P2: This is a normal-priority Codex provider feature with limited blast radius but meaningful auth-provider and display-compatibility implications.
• merge-risk: 🚨 compatibility: The PR removes reset credits from current layout predicates and can hide reset-only credits that current main intentionally renders.
• merge-risk: 🚨 auth-provider: The diff adds OAuth-authenticated Codex reset-credit fetching and redemption that can affect account-scoped provider state.
• rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🦞 diamond lobster and patch quality is 🦐 gold shrimp.
• status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (screenshot): Inspected screenshots show the Codex menu/settings reset bank and a before/after Use Reset flow where the available count drops from 3 to 2.
• proof: sufficient: Contributor real behavior proof is sufficient. Inspected screenshots show the Codex menu/settings reset bank and a before/after Use Reset flow where the available count drops from 3 to 2.
• proof: 📸 screenshot: Contributor real behavior proof includes screenshot evidence. Inspected screenshots show the Codex menu/settings reset bank and a before/after Use Reset flow where the available count drops from 3 to 2.

Evidence reviewed

Acceptance criteria:

• [P1] swift test --filter CodexResetCreditsMenuCardTests.
• [P1] swift test --filter CodexOAuthTests.
• [P1] make check.

What I checked:

• AGENTS.md policy read: The repository policy was read in full; Codex provider data siloing, scoped auth/provider routing, and Keychain-safe validation guidance apply to this review. (AGENTS.md:1, ef8007fc16ce)
• Current main lacks reset redemption: Current main has no reset-credit consume endpoint, Use Reset action, reset success/failure strings, or reset expiry notifier, so this PR is not obsolete. (ef8007fc16ce)
• Reset-only source path exists: Current tests assert an OAuth payload with null primary/secondary windows and positive reset credits still returns a usage result with codexResetCredits availableCount 2. (Tests/CodexBarTests/CodexOAuthTests.swift:700, ef8007fc16ce)
• Current main layout guard: Current main counts codexResetCreditsText as usage content and stacked detail content, which lets reset-only Codex snapshots render through the usage-card path. (Sources/CodexBar/MenuCardView+ModelHelpers.swift:64, ef8007fc16ce)
• PR layout regression: On the PR head, UsageMenuCardUsageContentView still renders codexResetCredits, but hasUsageContent and usesStackedDetailLayout no longer include codexResetCredits. (Sources/CodexBar/MenuCardView+ModelHelpers.swift:64, 3786c5f1988a)
• PR consume implementation: The PR loads OAuth tokens from the Codex reset-credit environment, posts the consume request, refreshes Codex usage, and returns the provider response. (Sources/CodexBar/UsageStore+CodexResetCredits.swift:37, 3786c5f1988a)

Likely related people:

• rogdex24: Authored the merged reset-credit display PR that introduced the affected model/layout behavior and tests this PR extends. (role: feature owner; confidence: high; commits: a3ea16743560; files: Sources/CodexBar/MenuCardView+ModelHelpers.swift, Sources/CodexBar/MenuCardView.swift, Tests/CodexBarTests/CodexResetCreditsMenuCardTests.swift)
• Peter Steinberger: Co-authored/released the reset-credit display implementation and is the recent blame holder for the current layout predicate lines in this checkout. (role: recent area contributor; confidence: medium; commits: a3ea16743560, f380287041b8; files: Sources/CodexBar/MenuCardView+ModelHelpers.swift)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[brahimhamichan]

Screenshots of the implementation:

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 35fbd302d4

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[brahimhamichan]

Before and after using the use rest button

Before: [had 3 rests]

After: [Left with 2 resets]

[brahimhamichan]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

[brahimhamichan]

@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.