Skip to content

MiniMax: usage summary dashboard UI#1982

Open
Yuxin-Qiao wants to merge 4 commits into
steipete:mainfrom
Yuxin-Qiao:feat/minimax-usage-dashboard
Open

MiniMax: usage summary dashboard UI#1982
Yuxin-Qiao wants to merge 4 commits into
steipete:mainfrom
Yuxin-Qiao:feat/minimax-usage-dashboard

Conversation

@Yuxin-Qiao

Copy link
Copy Markdown
Contributor

Summary

Split from #1821 (PR B). Merge after #1981.

  • Fetch and parse console usage_summary with pricing projection
  • Main card KPI grid + cost sparkline
  • Token usage details submenu and localized strings
  • Menu prewarm helpers for merged-provider switching

Test plan

  • swift build
  • swift test --filter MiniMaxUsageSummary
  • swift test --filter MiniMaxUsagePricing

Merge order

  1. MiniMax: Token Plan recharge credits and web session enrichment #1981 (credits + web enrichment)
  2. This PR

Made with Cursor

Yuxin-Qiao and others added 2 commits July 8, 2026 11:29
Add token_plan_credit enrichment for cookie-backed refreshes, MiniMax Agent
desktop cookie import, API-token web enrichment resolver, and menu credit display.

Co-authored-by: Cursor <cursoragent@cursor.com>
Surface console usage-summary KPIs, cost trends, and token usage details in
the menu card and hosted submenus, stacked on the credit enrichment foundation.

Co-authored-by: Cursor <cursoragent@cursor.com>
@clawsweeper

clawsweeper Bot commented Jul 8, 2026

Copy link
Copy Markdown

Codex review: needs changes before merge. Reviewed July 8, 2026, 12:10 AM ET / 04:10 UTC.

Summary
The branch adds MiniMax console usage-summary parsing, projected cost/dashboard UI, token details menus, web-session credit enrichment support, localized strings, docs, screenshots, and focused tests.

Reproducibility: yes. Source inspection at the PR head reproduces the review blockers in formatter behavior, menu reachability, MiniMax auth parsing, group validation, Keychain access, and Codex credits fallback.

Review metrics: 3 noteworthy metrics.

  • Diff size: 75 files, +5878/-213. The branch crosses provider networking, UI, localization, docs, screenshots, and tests, so review needs more than ordinary CI signal.
  • Security-sensitive surfaces: desktop cookie import, Keychain read, web cookie enrichment. These surfaces affect user credentials and provider identity routing before merge.
  • Blocking findings: 6 P2 findings. Each finding is source-reproducible and should be resolved before this PR is considered merge-ready.

Root-cause cluster
Relationship: canonical
Canonical: #1982
Summary: This PR is the canonical split item for the MiniMax usage dashboard, while the broader closed source PR was superseded by split PRs and the open credit PR is an adjacent prerequisite.

Members:

Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🦞 diamond lobster ✨ media proof bonus
Patch quality: 🧂 unranked krab
Result: blocked by patch quality or review findings.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • [P2] Fix the six P2 review findings and add focused regression coverage for each repaired path.
  • Rebase or refresh after MiniMax: Token Plan recharge credits and web session enrichment #1981 is resolved so the stacked MiniMax web-session foundation is unambiguous.
  • [P2] Have a maintainer re-review the MiniMax Agent desktop-cookie and Keychain opt-out behavior after the repair.

Risk before merge

  • [P1] MiniMax web enrichment now handles cookies, group ids, and desktop-cookie Keychain decryption, so the current group-validation and Keychain opt-out bugs are security and auth-provider sensitive.
  • [P1] The branch is stacked with MiniMax: Token Plan recharge credits and web session enrichment #1981 and contains overlapping credit/web-session changes, so merge order and re-review after the prerequisite lands matter.
  • [P1] The removed Codex credits no-data guard can change existing Codex menu behavior outside the MiniMax feature surface.

Maintainer options:

  1. Fix the source blockers before merge (recommended)
    Repair the formatter, menu wiring, auth-payload parsing, group validation, Keychain opt-out, and Codex credits regressions, then re-run focused MiniMax and formatter checks.
  2. Split risky cookie handling out
    Keep the dashboard UI work separate from MiniMax Agent desktop-cookie import and token-credit enrichment if maintainers want a smaller review surface.
  3. Pause until prerequisite lands
    Wait for MiniMax: Token Plan recharge credits and web session enrichment #1981 to merge or close, then rebase this branch so reviewers assess only the dashboard-specific remainder.
Copy recommended automerge instruction
@clawsweeper automerge

Special instructions:
Fix the MiniMax usage dashboard blockers: preserve sub-percent UsageFormatter.usageLine formatting and tests, call addMiniMaxUsageSummarySectionIfNeeded from the provider menu assembly path, decode/check MiniMax base_resp before requiring usage-summary arrays, validate credit.groupIDs before attaching token-plan credit for a scoped group, honor KeychainAccessGate.isDisabled before MiniMax desktop cookie decryption, restore the Codex nil-credits/no-error hidden state, and add focused regression tests. Do not add dependencies or expand unrelated provider behavior.

Next step before merge

  • [P2] A focused repair can address the six source-level blockers; maintainer sign-off remains needed for the MiniMax cookie and Keychain direction after repair.

Maintainer decision needed

  • Question: Should CodexBar accept MiniMax Agent desktop-cookie import and console usage-summary enrichment as core provider behavior after the source-level blockers are repaired?
  • Rationale: The implementation crosses provider auth, browser-cookie, Keychain, and user-visible dashboard boundaries, so automation can repair the concrete bugs but cannot approve the permanent privacy/security product boundary.
  • Likely owner: steipete — Peter owns the repository and has the strongest recent history around MiniMax provider behavior, billing summaries, and Keychain/privacy policy.
  • Options:
    • Repair then security-review (recommended): Fix the current blockers, keep the feature behind existing optional usage settings, and have the MiniMax provider owner re-review the cookie/Keychain behavior before merge.
    • Narrow to dashboard only: Drop desktop-cookie and credit-enrichment changes from this PR and keep only usage-summary UI that depends on an already approved web-session source.
    • Pause feature direction: Close or pause this split PR until maintainers explicitly decide whether console-cookie enrichment belongs in core.

Security
Needs attention: The diff introduces concrete credential-boundary concerns in MiniMax desktop cookie import and scoped web-session credit attachment.

Review findings

  • [P2] Preserve sub-percent usage formatting — Sources/CodexBarCore/UsageFormatter.swift:87
  • [P2] Wire MiniMax usage details into menu assembly — Sources/CodexBar/StatusItemController+MiniMaxUsageSummarySection.swift:5
  • [P2] Decode MiniMax base_resp before required arrays — Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageSummary.swift:295-296
Review details

Best possible solution:

Land the MiniMax usage dashboard only after #1981 is resolved and this branch preserves existing formatting/Codex credits behavior, correctly gates cookies and Keychain access, validates MiniMax group identity, and wires the dashboard menu section.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection at the PR head reproduces the review blockers in formatter behavior, menu reachability, MiniMax auth parsing, group validation, Keychain access, and Codex credits fallback.

Is this the best way to solve the issue?

No. The feature direction may be useful, but this implementation is not yet the narrowest maintainable solution because it changes auth/session and existing menu behavior without preserving current safety guards.

Full review comments:

  • [P2] Preserve sub-percent usage formatting — Sources/CodexBarCore/UsageFormatter.swift:87
    This prior blocker is still present: percentText formats with %.0f before replacing only 0%, so values like 0.6 become 1% used instead of <1% used; the PR also removes the regression assertions that covered that range.
    Confidence: 0.95
  • [P2] Wire MiniMax usage details into menu assembly — Sources/CodexBar/StatusItemController+MiniMaxUsageSummarySection.swift:5
    This new section is still only defined and never called, so the Token usage details submenu plus web-session recovery/source rows remain unreachable even after a MiniMax usage summary is fetched.
    Confidence: 0.96
  • [P2] Decode MiniMax base_resp before required arrays — Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageSummary.swift:295-296
    daily_token_usage and date_model_usage are required during decoding, so a base_resp-only auth error payload throws keyNotFound before the status handling can clear or expire a stale web session.
    Confidence: 0.94
  • [P2] Validate the group before attaching token-plan credit — Sources/CodexBarCore/Providers/MiniMax/MiniMaxSubscriptionMetadata.swift:294
    When a scoped fetch passes a groupID, this path still attaches whatever balance the credit endpoint returns; reject or ignore credit payloads whose credit.groupIDs do not include the resolved group to avoid mixing MiniMax accounts/groups.
    Confidence: 0.93
  • [P2] Honor the Keychain opt-out before desktop decryption — Sources/CodexBarCore/Providers/MiniMax/MiniMaxDesktopCookieImporter.swift:177
    MiniMax Agent encrypted cookies cause this importer to derive keys via Keychain even when KeychainAccessGate.isDisabled is true, bypassing the Advanced setting that is meant to prevent any Keychain access.
    Confidence: 0.96
  • [P2] Keep Codex no-data credits hidden — Sources/CodexBar/MenuCardView+Costs.swift:65
    Removing the Codex nil-credits/no-error guard makes existing Codex cards fall through to the credits hint/no-data state that current main intentionally suppresses when no credits snapshot or error exists.
    Confidence: 0.9

Overall correctness: patch is incorrect
Overall confidence: 0.93

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against aa401f1d8b74.

Label changes

Label changes:

  • add proof: 📸 screenshot: Contributor real behavior proof includes screenshot evidence. The linked split source PR includes live MiniMax screenshots and redacted CLI/endpoint output for the dashboard and web-session data, and this branch carries the screenshot artifacts for the UI states.

Label justifications:

  • P2: This is a normal-priority MiniMax provider improvement with concrete blockers, but the blast radius is mostly provider/menu behavior rather than a live production outage.
  • merge-risk: 🚨 compatibility: The diff changes existing Codex credits fallback behavior and stacks overlapping MiniMax provider changes on top of a prerequisite PR.
  • merge-risk: 🚨 auth-provider: MiniMax web-session enrichment can mis-handle expired sessions and attach credit data for the wrong group.
  • merge-risk: 🚨 security-boundary: The new desktop cookie importer can read Keychain-backed safe-storage credentials despite the repository's Disable Keychain access setting.
  • rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🦞 diamond lobster and patch quality is 🧂 unranked krab.
  • status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (screenshot): The linked split source PR includes live MiniMax screenshots and redacted CLI/endpoint output for the dashboard and web-session data, and this branch carries the screenshot artifacts for the UI states.
  • proof: sufficient: Contributor real behavior proof is sufficient. The linked split source PR includes live MiniMax screenshots and redacted CLI/endpoint output for the dashboard and web-session data, and this branch carries the screenshot artifacts for the UI states.
  • proof: 📸 screenshot: Contributor real behavior proof includes screenshot evidence. The linked split source PR includes live MiniMax screenshots and redacted CLI/endpoint output for the dashboard and web-session data, and this branch carries the screenshot artifacts for the UI states.
Evidence reviewed

Security concerns:

  • [medium] Keychain opt-out bypass — Sources/CodexBarCore/Providers/MiniMax/MiniMaxDesktopCookieImporter.swift:177
    The new MiniMax desktop cookie importer can call KeychainSecurity.copyMatching for Chromium safe-storage keys without honoring KeychainAccessGate.isDisabled.
    Confidence: 0.96
  • [medium] Cross-group credit attachment — Sources/CodexBarCore/Providers/MiniMax/MiniMaxSubscriptionMetadata.swift:294
    Token-plan credit data can be attached to a snapshot even when the response group ids do not match the requested MiniMax group, risking provider identity mix-ups.
    Confidence: 0.9

Acceptance criteria:

  • [P1] swift test --filter UsageFormatterTests.
  • [P1] swift test --filter MiniMaxUsageSummary.
  • [P1] swift test --filter MiniMaxTokenPlanCreditTests.
  • [P1] swift test --filter MiniMaxDesktopCookieImporterTests.
  • [P1] swift test --filter MiniMaxWebEnrichmentResolverTests.

What I checked:

Likely related people:

  • steipete: Peter Steinberger authored recent MiniMax billing/fallback/provider work and owns the repository where the provider direction and Keychain/privacy boundary should be approved. (role: recent area contributor and repository owner; confidence: high; commits: af202b462bdf, 4b14d2ad911c, 7ffad6b5a4bf; files: Sources/CodexBar/InlineUsageDashboardContent.swift, Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift, Sources/CodexBarCore/Providers/MiniMax/MiniMaxProviderDescriptor.swift)
  • Yuxin-Qiao: Yuxin-Qiao has prior merged MiniMax token-plan and menu quota fixes on main, in addition to proposing this branch. (role: recent MiniMax contributor; confidence: high; commits: d00c6c0f523d, 99cd674ba08e, 645ca833df31; files: Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift, Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageSnapshot+Metadata.swift, Sources/CodexBar/MenuBarMetricWindowResolver.swift)
  • XWind18: XWind/XWind18 introduced and hardened token-plan quota/menu behavior that this PR extends. (role: adjacent MiniMax token-plan contributor; confidence: medium; commits: 65a41cbee9b3, df74854492f5, 20d2ebe991c1; files: Sources/CodexBar/MenuCardView+MiniMax.swift, Sources/CodexBarCore/Providers/MiniMax/MiniMaxServiceUsage.swift, Sources/CodexBarCore/Providers/MiniMax/MiniMaxUsageFetcher.swift)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.
Review history (2 earlier review cycles)
  • reviewed 2026-07-08T03:35:10.956Z sha a82bb6a :: needs changes before merge. :: [P2] Preserve sub-percent usage formatting
  • reviewed 2026-07-08T03:56:15.309Z sha e6eb138 :: needs changes before merge. :: [P2] Preserve sub-percent usage formatting | [P2] Wire the MiniMax usage summary section into the menu | [P2] Decode MiniMax error payloads before requiring arrays | [P2] Validate the group before attaching token-plan credit | [P2] Honor the Keychain opt-out before Agent decryption | [P2] Keep the Codex no-data credits state hidden

@clawsweeper clawsweeper Bot added proof: sufficient Contributor real behavior proof is sufficient. proof: 📸 screenshot Contributor real behavior proof includes screenshot evidence. rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. labels Jul 8, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a82bb6aae3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

import CodexBarCore

extension StatusItemController {
func addMiniMaxUsageSummarySectionIfNeeded(to menu: NSMenu, context: MenuCardContext) {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Wire MiniMax usage summary section into menu assembly

This new section is never called (repo-wide rg addMiniMaxUsageSummarySectionIfNeeded only finds this definition), so the Token usage details submenu plus the web-session recovery/source rows are not inserted into the MiniMax provider menu even after a summary is fetched. Daily-only summaries and re-import/login recovery actions are therefore unreachable; please call this from the provider-menu assembly path alongside the other provider-specific sections.

Useful? React with 👍 / 👎.


enum MiniMaxUsageSummaryParser {
static func parse(data: Data) throws -> MiniMaxUsageSummary {
let payload = try JSONDecoder().decode(MiniMaxUsageSummaryPayload.self, from: data)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Decode MiniMax error payloads before requiring summary arrays

When the usage-summary endpoint returns a MiniMax base_resp-only error payload (for example a 200 JSON body with status_code: 1004 and no daily_token_usage/date_model_usage arrays), this decode throws keyNotFound before the status handling below can convert it to MiniMaxUsageError.invalidCredentials. In attemptWebEnrichment that falls into the generic catch, so expired cached web sessions are treated as endpoint failures and are not cleared; decode/check base_resp first or default the arrays to empty.

Useful? React with 👍 / 👎.

region: context.region,
environment: context.environment,
transport: context.transport)
return snapshot.withPointsBalanceIfMissing(credit.balance, expiresAt: credit.expiresAt)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Validate the group before attaching token-plan credit

When a web quota fetch is scoped with a groupID but the token-plan credit response contains credit_packages_details for a different group, this helper still attaches that balance to the quota snapshot. attemptWebEnrichment already treats the same mismatch as accountMismatch, so a stale browser/local-storage group can now mix quota data for one MiniMax group with credit data for another; check credit.groupIDs against resolvedGroupID before calling withPointsBalanceIfMissing.

Useful? React with 👍 / 👎.

KeychainNoUIQuery.apply(to: &query)

var result: AnyObject?
let status = KeychainSecurity.copyMatching(query as CFDictionary, &result)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Respect disabled Keychain access in desktop import

When MiniMax Agent has encrypted cookies and the user has enabled “Disable Keychain access”, this path still calls SecItemCopyMatching because the new desktop importer is invoked directly from MiniMax availability/enrichment instead of going through BrowserCookieAccessGate. That setting is supposed to disable Keychain reads, so guard safeStoragePassword/importSession with KeychainAccessGate.isDisabled before attempting to derive Chromium keys.

Useful? React with 👍 / 👎.


#expect(BrowserCookieAccessGate.shouldAttempt(.arc, now: start.addingTimeInterval(3)) == false)
#expect(BrowserCookieAccessGate.shouldAttempt(.edge, now: start.addingTimeInterval(3)) == false)
#expect(BrowserCookieAccessGate.shouldAttempt(.chrome) == true)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep browser-cookie tests aligned with explicit retry

This expectation contradicts the implementation: BrowserCookieAccessGate.shouldAttempt only permits an interaction-required Chromium keychain source during a user-initiated withExplicitRetry scope, and this test sets .userInitiated without that scope. As written the assertion returns false (and the later Chrome-after-Dia assertion is also blocked by the family cooldown), so the updated test suite will fail unless the production gate behavior is changed too.

Useful? React with 👍 / 👎.

Yuxin-Qiao and others added 2 commits July 8, 2026 11:50
Drop duplicate instant-open helper, remove prewarm test without implementation,
and align browser gate tests with upstream.

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
@clawsweeper clawsweeper Bot added rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. and removed proof: 📸 screenshot Contributor real behavior proof includes screenshot evidence. rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. labels Jul 8, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

return L(metadata.creditsHint)

P2 Badge Suppress Codex credits hint when no credits were fetched

For Codex cards where credits and error are both nil, this fallback now returns the metadata hint instead of no credits line, so a normal initial/disabled-credits state renders a credits bar saying credits are unavailable even though no failure occurred. Restore the Codex nil case before falling back to creditsHint, while keeping real errors and fetched credit values visible.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +445 to +448
let summaryEnrichedSnapshot = try await self.attachingUsageSummaryIfAvailable(
to: enrichedSnapshot,
context: context,
groupID: groupID)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Honor optional-usage toggle before MiniMax web enrichments

When includeBillingHistory is false (wired from context.includeOptionalUsage in MiniMaxCodingPlanFetchStrategy.fetch), this method now skips only billing but still calls the usage-summary and token-plan-credit enrichments. Users who turned off optional credits/extra usage still trigger these extra MiniMax web endpoints even though the UI hides the results, so keep the previous early return or gate these enrichments behind includeBillingHistory as well.

Useful? React with 👍 / 👎.

Comment on lines +28 to 31
guard let snapshot = await self.costUsageFetcher.loadCachedCodexTokenSnapshot(
now: now,
codexHomePath: scope.codexHomePath,
historyDays: historyDays)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Preserve cached Codex refresh timestamps

Switching to the snapshot-only cache load means hydrateCachedTokenSnapshots no longer seeds lastTokenFetchAt/lastTokenFetchScope from the cache's lastRefreshAt. On app launch with a fresh Codex scan cache, the card hydrates cached data but the next non-forced token refresh sees no TTL marker and immediately starts another full cost scan, undoing the cache hydration performance benefit.

Useful? React with 👍 / 👎.

Comment on lines +54 to +55
if let fetchedSummary {
enriched = enriched.withUsageSummary(fetchedSummary)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep summary data when credit lookup fails

For API-token users with a valid web session, fetchedSummary is only attached inside the token-plan-credit success branch. If the usage-summary endpoint succeeds but the credit endpoint is unavailable, returns no matching groups, or cannot parse a balance, the summary is discarded and the session is reported as not enriched, so the new token usage details/cost dashboard stay hidden even though the useful summary data was fetched.

Useful? React with 👍 / 👎.

Comment on lines +172 to +173
return (Double(input) * inputRate)
+ (Double(cacheRead) * cacheReadRate)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Avoid double-charging cache-read input tokens

When a MiniMax summary has cache_read_token > 0, total_input_token already includes those cache hits (the UI derives cache-miss input as input minus cache-read), but this formula charges all input at the full input rate and then charges the cached subset again at the cache-read rate. Cached-heavy usage will show inflated daily/7d/30d spend; bill only non-cache input at inputRate plus cache reads at cacheReadRate.

Useful? React with 👍 / 👎.

@clawsweeper clawsweeper Bot added the proof: 📸 screenshot Contributor real behavior proof includes screenshot evidence. label Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. P2 Normal priority bug or improvement with limited blast radius. proof: 📸 screenshot Contributor real behavior proof includes screenshot evidence. proof: sufficient Contributor real behavior proof is sufficient. rating: 🧂 unranked krab Not merge-ready due to missing proof or serious correctness/safety concerns. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant