feat(providers): add Codebuff support

[anandghegde]

Summary

Adds Codebuff (https://www.codebuff.com) as a first-class provider in CodexBar. The menu bar now shows live credit balance and the weekly rate-limit window alongside the other 26 providers.

Why

Codebuff is an active open-source CLI agent (successor to manicode) with a metered credit model. Users on my team wanted it to show up next to their Codex / Claude / Kilo quotas without switching to the browser.

Data sources

Codebuff exposes two stable Bearer-token endpoints used by their own dashboard + CLI:

Method	Endpoint	Returns
POST	https://www.codebuff.com/api/v1/usage	usage, quota, remainingBalance, next_quota_reset, autoTopupEnabled
GET	https://www.codebuff.com/api/user/subscription	subscription{ status, tier, billingPeriodEnd }, rateLimit{ weeklyUsed, weeklyLimit }, email

Both are called in parallel; subscription failures degrade gracefully (the primary credits window still renders).

Authentication

Resolved in this order (mirrors the Kilo pattern):

1. CODEBUFF_API_KEY environment variable.
2. API key configured in Settings → Providers → Codebuff (stored in ~/.codexbar/config.json like other providers).
3. ~/.config/manicode/credentials.json — the file the official codebuff CLI writes after codebuff login. CodexBar reads the authToken field and uses it as a Bearer token.

If none is available, the provider surfaces CodebuffUsageError.missingCredentials with guidance. Nothing is written outside the existing CodexBar config path.

UX

• Primary row: credit balance (usage / quota) with the next-reset date, if provided.
• Secondary row: weekly rate limit (weeklyUsed / weeklyLimit) on a 7-day window.
• Account panel shows the tier (e.g. "Pro"), remaining balance, and whether auto top-up is enabled.
• Lime-green (#44FF00) CodexBar icon added to match Codebuff's own branding.

Files

New core (Sources/CodexBarCore/Providers/Codebuff/)

• CodebuffSettingsReader.swift — env var + credentials.json parser.
• CodebuffProviderDescriptor.swift — provider registration + CodebuffAPIFetchStrategy.
• CodebuffUsageFetcher.swift — async fetchUsage, URL builders, status-code mapping, JSON parsers.
• CodebuffUsageSnapshot.swift — models the unified rate windows + identity mapping.
• CodebuffUsageError.swift — auth / endpoint / service / network / parse variants.

New app (Sources/CodexBar/Providers/Codebuff/)

• CodebuffProviderImplementation.swift — settings pane (secure API-key field + dashboard link).
• CodebuffSettingsStore.swift — SettingsStore.codebuffAPIToken persistence.

New asset

• Sources/CodexBar/Resources/ProviderIcon-codebuff.svg.

Edits

• Providers.swift — add case codebuff to UsageProvider and IconStyle.
• ProviderDescriptor.swift / ProviderImplementationRegistry.swift — register the new provider.
• ProviderTokenResolver.swift — new codebuffResolution() (env → auth file).
• ProviderConfigEnvironment.swift — propagate CODEBUFF_API_KEY from config → fetch env.
• CostUsageScanner.swift, UsageStore.swift (debug log), TokenAccountCLI.swift, widget provider / views — extend exhaustive switches.
• README.md, docs/codebuff.md — describe the new provider.

Tests

27 new swift-testing cases, plus 3 new resolver cases:

• Tests/CodexBarTests/CodebuffSettingsReaderTests.swift (11) — API URL default + override, env-var trimming / quote stripping, credentials-file parsing (valid / malformed / missing), descriptor shape.
• Tests/CodexBarTests/CodebuffUsageFetcherTests.swift (16) — URL building, 200/401/403/404/5xx status mapping, usage & subscription parsers (numeric + string-encoded fields, absent fields, malformed JSON), snapshot → unified UsageSnapshot, missing-credentials fast path.
• Tests/CodexBarTests/ProviderTokenResolverTests.swift — env vs auth-file precedence, malformed credentials file.

Verified locally (macOS 15, Swift 6.2):

swift build                                           # ok
swift test --filter Codebuff                          # 27 / 27 ✔
swift test --filter ProviderTokenResolver             # 12 / 12 ✔
swift test --filter ProviderRegistry|ProvidersPane|ConfigValidation  # ok
swift test                                            # all 1289 + 15 xctests pass

Pre-existing subprocess-runner stress tests emit a "signal code 5" warning on some runs (unrelated to this change; reproduced on a stashed baseline).

Notes for the reviewer

• I don't have swiftformat / swiftlint installed on this machine, so the new files follow the observed style manually (4-space indent, explicit self, MARK organization). Happy to push a follow-up commit after running them if you prefer.
• Icon is a simple two-path lime "hex" mark — feel free to swap for a higher-fidelity design; the descriptor points at it by name so any drop-in replacement works.
• CODEBUFF_API_URL env override is supported for staging, following the same pattern as OpenRouter.

Happy to adjust scope, rename, or split further if you'd rather land this in steps.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ed25e20682

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Mark fallback credit window as exhausted

When the API returns partial credit data (creditsUsed/creditsRemaining) but no total quota, this fallback branch is intended to show an exhausted state, but usedPercent is set to 0, which renders as fully healthy usage instead of a warning state. In that scenario users will see a misleading green/low-usage primary window even though the code is explicitly treating the response as degenerate; this should use an exhausted/unknown representation (e.g., 100%) so missing quota data is visible.

Useful? React with 👍 / 👎.