[codex] Add Doubao coding plan usage

[LeoLin990405]

Summary

Fixes #1724.

This adds first-class Doubao Coding Plan usage fetching through Volcengine's signed OpenAPI path while preserving the existing Ark API-key probe as a fallback.

What changed

• Add Volcengine AK/SK/region settings and environment projection for Doubao.
• Add HMAC-SHA256 Volcengine request signing for GetCodingPlanUsage.
• Parse QuotaUsage into 5-hour, weekly, and monthly usage windows.
• Keep the legacy Ark bearer-token probe when only an Ark API key is configured.

Investigation notes

opencli inspection of the Volcengine Ark console showed the Coding Plan page calling GetCodingPlanUsage, returning session, weekly, and monthly percentages plus reset timestamps. The signing implementation follows Volcengine's documented/demo HMAC-SHA256 request shape with the date/region/service/request credential scope.

Supplemental live proof

Redacted OpenCLI console-network proof from 2026-06-25 confirmed a successful live Coding Plan response shape from the logged-in Volcengine Ark console:

{
  "httpStatus": 200,
  "action": "GetCodingPlanUsage",
  "version": "2024-01-01",
  "service": "ark",
  "region": "cn-beijing",
  "resultStatus": "Running",
  "quotaUsage": [
    { "level": "session", "percent": 0.01392 },
    { "level": "weekly", "percent": 3.2836043333333333 },
    { "level": "monthly", "percent": 7.623784166666667 }
  ]
}

No cookies, auth headers, account IDs, request IDs, phone/email, raw identity responses, or secrets are included. The full redacted proof comment is at #1727 (comment).

Remaining ClawSweeper gate: this machine only has an Ark bearer token, not Volcengine AK/SK credentials, so it cannot yet produce the requested after-fix CodexBar signed-path run. Maintainer decision needed: provide/approve a temporary AK/SK proof path, accept the console-proxy proof plus tests as sufficient, or pause/reject the Doubao-specific AK/SK credential surface.

Validation

• make check
• swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation'
• swift run CodexBarCLI usage --provider doubao --source auto --json with Ark fallback present and no error

[LeoLin990405]

OpenCLI follow-up notes for reviewers:

• The Volcengine console probes showed the Coding Plan flow calling ListSubscribeTrade and GetCodingPlanUsage under the Ark 2024-01-01 console API surface.
• GetCodingPlanUsage returns quota windows keyed as session, weekly, and monthly, each with percent usage and reset timestamps. The PR maps those into CodexBar's primary/secondary/tertiary rate windows.
• Runtime auth intentionally uses user-provided Volcengine AK/SK/region and standard OpenAPI signing, not browser cookies from the console session.
• Signing references used while implementing the request:
  • https://raw.githubusercontent.com/volcengine/volc-openapi-demos/main/signature/golang/sign.go
  • https://raw.githubusercontent.com/volcengine/volc-sdk-golang/main/base/sign.go

Validation already run locally:

• make check
• swift test --filter 'Doubao|ProviderConfigEnvironmentTests'

[LeoLin990405]

Pushed eefcab40: the Volcengine V4 signer emitted canonical headers / SignedHeaders as host;x-date;x-content-sha256;content-type — unsorted. Volcengine V4 (AWS-SigV4-derived) requires them sorted by lower-cased header name; the server re-sorts and recomputes, so the unsorted list would have failed every live GetCodingPlanUsage call with a signature mismatch (HTTP 403). Sorted to content-type;host;x-content-sha256;x-date + updated the test expectation.

Heads-up: the signing test asserts structure only (credential scope + SignedHeaders string), not a golden signature, so it would not have caught this. A real AK/SK request is still needed to confirm the server accepts the signature end-to-end. The decode/mapping (QuotaUsage session/weekly/monthly → RateWindow) I verified against a live console response and it matches.

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed June 25, 2026, 12:12 AM ET / 04:12 UTC.

Summary
The branch adds Volcengine AK/SK/region settings, signed Doubao GetCodingPlanUsage fetching, Coding Plan window parsing, dynamic Doubao labels, Ark fallback preservation, and focused tests.

Reproducibility: not applicable. this is a feature/auth-surface PR, not a broken existing contract. Source inspection shows current main lacks GetCodingPlanUsage, and the PR behavior is covered by tests but not by a live signed AK/SK run.

Review metrics: 2 noteworthy metrics.

• Changed surface: 15 files, +1019/-36. The PR spans settings, config projection, provider fetching, menu/widget labels, and tests, so it should be reviewed as provider/auth work rather than a parser-only patch.
• New signer: 1 Volcengine signer added. A new request-signing implementation is the highest-risk runtime path because tests check request shape but not live server acceptance.

Root-cause cluster
Relationship: fixed_by_candidate
Canonical: #1724
Summary: This PR is the implementation candidate for the open Doubao Coding Plan usage issue; the custom-provider issue is broader provider-extensibility work, not a replacement for this branch.

Members:

• canonical: Doubao: surface Coding Plan usage (session/weekly/monthly) via GetCodingPlanUsage instead of "Limits not available" #1724 - The PR body says it fixes the issue, and the issue requests the exact GetCodingPlanUsage Doubao Coding Plan capability implemented here.
• adjacent_distinct: [Feature] Declarative "Custom Provider": bring-your-own endpoint + JSONPath field mapping #1735 - The issue mentions Doubao as an example of provider demand, but it proposes a generic custom-provider product direction rather than this signed first-class Doubao integration.

Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything.

Merge readiness
Overall: 🦪 silver shellfish
Proof: 🦪 silver shellfish
Patch quality: 🐚 platinum hermit
Result: blocked until stronger real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• Post redacted terminal/live output, logs, or a linked artifact showing CodexBar successfully fetching GetCodingPlanUsage with Volcengine AK/SK; redact secrets and private account data.
• [P1] Get explicit maintainer approval to accept, narrow, or reject the new Doubao AK/SK credential surface.

Proof guidance:

• [P1] Needs stronger real behavior proof before merge: The console-proxy GetCodingPlanUsage output and Ark fallback CLI output are useful, but they do not show the after-fix CodexBar signed AK/SK path succeeding. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

• [P1] The PR deliberately adds a new Doubao credential mode and overloads the existing apiKey field for Ark bearer keys versus Volcengine access-key IDs, so existing-user upgrade behavior still needs maintainer-visible acceptance.
• [P1] The signed GetCodingPlanUsage path has parser and request-shape tests, but no after-fix CodexBar request with a real Volcengine AK/SK pair; signing, endpoint, region, and account-permission mismatches would only show up at runtime.
• [P1] Adding user-provided Volcengine AK/SK for Doubao is an auth/privacy surface change even though it follows existing ProviderConfig secretKey patterns.

Maintainer options:

1. Require signed-path proof before merge (recommended)
   Ask for redacted terminal output, app logs, copied live output, or an artifact showing CodexBar successfully fetching GetCodingPlanUsage with a real Volcengine AK/SK pair while preserving Ark fallback behavior.
2. Accept the alternate proof deliberately
   A maintainer can explicitly accept the console-proxy response proof plus tests as enough for this provider path, while owning the risk that the signed client path has not been exercised live.
3. Pause the Doubao-specific credential surface
   If maintainers prefer a generic custom-provider direction or do not want Doubao-specific AK/SK handling, pause or close this PR and keep the product decision on the linked issue.

Next step before merge

• [P1] Human review is needed for signed-path proof and maintainer approval of the new Doubao AK/SK auth surface; there is no narrow automated repair left from this review.

Security
Cleared: No concrete security or supply-chain defect was found in the diff, though the new AK/SK credential surface still needs maintainer acceptance.

Review details

Best possible solution:

Land a maintainer-approved version that preserves Ark fallback compatibility, documents the Doubao AK/SK setup, and includes redacted real signed Coding Plan proof before release.

Do we have a high-confidence way to reproduce the issue?

Not applicable: this is a feature/auth-surface PR, not a broken existing contract. Source inspection shows current main lacks GetCodingPlanUsage, and the PR behavior is covered by tests but not by a live signed AK/SK run.

Is this the best way to solve the issue?

Unclear until maintainer sign-off and live proof. The implementation is a narrow first-class provider path with compatibility tests, but the Doubao AK/SK credential surface is a product/auth decision.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against ada3660e9d61.

Label changes

Label justifications:

• P2: This is a normal-priority provider improvement with limited blast radius but real user-visible value for Doubao Coding Plan users.
• merge-risk: 🚨 compatibility: The diff changes Doubao credential precedence and labels while trying to preserve Ark fallback, so upgrade behavior for existing Ark-key setups needs review.
• merge-risk: 🚨 auth-provider: The PR adds new Volcengine AK/SK/region handling and provider routing between signed Coding Plan and Ark bearer probes.
• merge-risk: 🚨 security-boundary: The PR introduces storage and use of a cloud secret-access-key credential for Doubao, which is a sensitive auth/privacy surface even without a concrete leak found.
• rating: 🦪 silver shellfish: Overall readiness is 🦪 silver shellfish; proof is 🦪 silver shellfish and patch quality is 🐚 platinum hermit.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: The console-proxy GetCodingPlanUsage output and Ark fallback CLI output are useful, but they do not show the after-fix CodexBar signed AK/SK path succeeding. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Evidence reviewed

What I checked:

• Repository policy read: AGENTS.md was read fully; its provider guidance steers this review toward focused parser/provider tests and away from live credential probes unless explicitly requested. (AGENTS.md:31, ada3660e9d61)
• Vision sign-off boundary: VISION.md says new provider coverage can fit CodexBar, but behavior that affects provider auth, data storage, or privacy needs sign-off. (VISION.md:7, ada3660e9d61)
• Current main lacks signed Coding Plan support: Current main's Doubao descriptor still resolves a single API token and calls the Ark bearer-key usage fetcher; there is no Volcengine AK/SK strategy on main. (Sources/CodexBarCore/Providers/Doubao/DoubaoProviderDescriptor.swift:33, ada3660e9d61)
• Current docs describe only Ark API-key setup: The Doubao docs on current main document API-key setup and Ark chat-completions request-limit probing, not GetCodingPlanUsage or AK/SK credentials. (docs/doubao.md:11, ada3660e9d61)
• PR adds signed Coding Plan fetch: The PR head adds fetchCodingPlanUsage, builds a signed Volcengine OpenAPI request, decodes GetCodingPlanUsage, and maps Coding Plan usage into Doubao snapshots. (Sources/CodexBarCore/Providers/Doubao/DoubaoUsageFetcher.swift:210, 41fc3235746f)
• PR adds credential precedence handling: The PR head adds Doubao-specific config/environment merging that distinguishes Ark bearer keys from AKLT access-key IDs and clears incomplete signed credentials before falling back. (Sources/CodexBarCore/Config/ProviderConfigEnvironment.swift:290, 41fc3235746f)

Likely related people:

• LeoLin990405: Authored the original merged Qwen/Doubao provider work and the merged false-100% Doubao usage fix, so this path is connected to prior merged Doubao behavior beyond this PR. (role: feature introducer and recent Doubao area contributor; confidence: high; commits: 6eb3699ec977, a31709838797; files: Sources/CodexBarCore/Providers/Doubao/DoubaoUsageFetcher.swift, Sources/CodexBarCore/Providers/Doubao/DoubaoProviderDescriptor.swift, Tests/CodexBarTests/DoubaoUsageFetcherTests.swift)
• steipete: Authored recent Doubao unavailable-quota work and provider registration refactors touching the same descriptor/fetcher area, and VISION.md sign-off points to maintainer judgment for provider auth/privacy changes. (role: recent area contributor and auth-surface decision owner; confidence: high; commits: 4a6fa81c3e1f, fa1a03840ce1, 22a07ef225df; files: Sources/CodexBarCore/Providers/Doubao/DoubaoUsageFetcher.swift, Sources/CodexBarCore/Providers/Doubao/DoubaoProviderDescriptor.swift, Sources/CodexBarCore/Providers/ProviderDescriptor.swift)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: eefcab4092

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[LeoLin990405]

Addressed the current P2 in 22a6bad6:

• Merged Doubao config/env Volcengine AK/SK before projecting Coding Plan credentials, so config AK + env SK (and the reverse) now takes the signed Coding Plan path instead of falling back to ARK_API_KEY.
• Allowed Doubao secretKey and region in config validation.

Validation:

• swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation'
• make check

Proof note: I checked local env/config presence without printing secret values. This machine has Doubao API-key material but no Volcengine AK/SK pair, so I still cannot produce the requested signed Coding Plan live fetch proof here. That still needs real Volcengine AK/SK.

@codex review
@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 22a6bad6d5

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[LeoLin990405]

Addressed the new Ark preservation P2 in decf7f4f:

• Treats the shared Doubao apiKey field as a signed Coding Plan access key only when it has the Volcengine AKLT... shape.
• Keeps Ark bearer keys projected to ARK_API_KEY and clears AK/SK keys in the override env so Coding Plan does not win accidentally.
• Added regressions for Ark + env secret, Ark + config secret, and Ark overriding complete env AK/SK credentials.

Validation:

• swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation'\n- make check\n\nReal Coding Plan proof is still unavailable from this machine because no Volcengine AK/SK env/config credentials are present; local config only has Ark-style API keys.\n\n@codex review\n@clawsweeper re-review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: decf7f4f66

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[LeoLin990405]

Addressed the latest Doubao P2s in b63582af:

• Added VOLCENGINE_SECRET_KEY as a Doubao signed Coding Plan secret alias so VOLCENGINE_ACCESS_KEY / VOLCENGINE_SECRET_KEY works as a pair.
• Stopped projecting incomplete AKLT... access-key IDs into ARK_API_KEY; if no matching secret is available, the override leaves the Ark bearer path to any existing base Ark token instead of sending an access key to the Ark probe.
• Added regressions for the new secret alias, incomplete AKLT credentials, and preserving a base Ark fallback.

Validation:

• swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation'\n- make check\n\nReal Coding Plan proof is still unavailable from this machine because no Volcengine AK/SK env/config credentials are present.\n\n@codex review\n@clawsweeper re-review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b63582afd7

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[LeoLin990405]

Addressed the signed-to-Ark fallback P2 in f17026c9:

• If signed Doubao Coding Plan credentials are present but the signed fetch fails, the strategy now falls back to an available Ark bearer token instead of returning the signed error immediately.
• Cancellation still propagates and does not trigger Ark fallback.
• Added injectable loaders for the Doubao API strategy so the fallback and cancellation behavior are covered without live network calls.

Validation:

• swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation'\n- make check\n\nReal Coding Plan proof is still unavailable from this machine because no Volcengine AK/SK env/config credentials are present.\n\n@codex review\n@clawsweeper re-review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f17026c97b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[LeoLin990405]

Addressed the VOLC_* alias P2 in 9678247b:

• Added VOLC_ACCESSKEY, VOLC_SECRETKEY, and VOLC_REGION to the Doubao signed Coding Plan environment readers.
• Added a regression covering the full VOLC_* AK/SK/region env-only credential set.

Validation:

• swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation'
• make check

Real Coding Plan proof is still unavailable from this machine because no Volcengine AK/SK env/config credentials are present.

@codex review
@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9678247b12

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[LeoLin990405]

Addressed the Ark request-label P2 in d4a14190:

• Added a Doubao primary label helper that keeps Ark request-limit snapshots labeled Requests.
• Wired that label through the menu card, menu descriptor, and widget snapshot paths.
• Added regressions for Ark request windows, Coding Plan 5-hour windows, and the signed-to-Ark fallback path.

Validation:

• swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation'
• make check

Real Coding Plan proof is still unavailable from this machine because no Volcengine AK/SK env/config credentials are present.

@codex review
@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d4a1419065

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[LeoLin990405]

Addressed the Coding Plan reset P2s in 41fc3235:

• Removed percentage text from Coding Plan resetDescription, so the UI no longer renders Resets 12.5% used.
• Treat non-positive UpdateTimestamp / ResetTimestamp values as missing before creating Dates, avoiding 1970/now reset artifacts.
• Added regression coverage for ResetTimestamp 0 and -1, fallback updatedAt, and nil Coding Plan reset descriptions.

Validation:

• swift test --filter 'Doubao|ProviderConfigEnvironment|ConfigValidation'
• make check

Real Coding Plan proof is still unavailable from this machine because no Volcengine AK/SK env/config credentials are present.

@codex review
@clawsweeper re-review

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Already looking forward to the next diff.

Reviewed commit: 41fc323574

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[LeoLin990405]

Supplemental redacted Coding Plan proof

Current branch head: 41fc3235746f38543988192b801ad1fe2a86cad1.

This does not replace ClawSweeper's requested after-fix CodexBar signed AK/SK proof, but it narrows the remaining blocker and confirms the live Coding Plan response shape the PR implements.

What I could verify from this machine today:

• Local credentials have an Ark bearer token only; no Volcengine/Doubao AK/SK is present, so CodexBar cannot exercise the signed path here without a new/provided AccessKey + SecretKey.
• swift run CodexBarCLI usage --provider doubao --source auto --json on this PR head completes through source api without an error, so the existing Ark fallback path is still callable.
• OpenCLI against the logged-in Volcengine Ark console captured a successful console-proxy GetCodingPlanUsage call for Coding Plan. The redacted, non-account-identifying fields are:

{
  "observedAt": "2026-06-25T03:58:33Z",
  "httpStatus": 200,
  "action": "GetCodingPlanUsage",
  "version": "2024-01-01",
  "service": "ark",
  "region": "cn-beijing",
  "resultStatus": "Running",
  "updatedAt": "2026-06-25 11:58:34 CST",
  "quotaUsage": [
    {
      "level": "session",
      "percent": 0.01392,
      "resetAt": "2026-06-25 15:46:05 CST"
    },
    {
      "level": "weekly",
      "percent": 3.2836043333333333,
      "resetAt": "2026-06-29 00:00:00 CST"
    },
    {
      "level": "monthly",
      "percent": 7.623784166666667,
      "resetAt": "2026-06-25 23:59:59 CST"
    }
  ]
}

No cookies, auth headers, account IDs, request IDs, phone/email, raw identity responses, or secrets are included.

Remaining decision before this can clear the ClawSweeper gate:

1. Provide/approve a temporary Volcengine AK/SK proof path so I can run CodexBar's signed GetCodingPlanUsage implementation and post redacted output.
2. Explicitly accept the console-proxy GetCodingPlanUsage proof + current tests as sufficient for this PR.
3. Reject or pause the Doubao-specific AK/SK credential surface.

@steipete could you pick the path you want here? I am holding off on another @clawsweeper re-review until there is either signed-path proof or maintainer acceptance of an alternative, to avoid a noisy rerun.