Switch Kimi provider to Kimi Code usage API

[BGCIV]

Summary

• replace the legacy Kimi cookie/JWT integration with Kimi Code usage monitoring
• read Kimi CLI OAuth credentials from ~/.kimi/credentials/kimi-code.json and refresh them when needed
• add API-key fallback via settings, KIMI_CODE_API_KEY, or KIMI_API_KEY
• remove the old browser-cookie Kimi path and update docs/tests for the hard cutover

What changed

• switch the Kimi provider fetch plan from web to auto|oauth|api
• call GET https://api.kimi.com/coding/v1/usages and map the summary plus rolling limits into CodexBar lanes
• add a Kimi settings picker for usage source and a secure API key field
• remove old Kimi cookie importer/header code and stop migrating legacy Kimi cookie config
• update tests and docs to reflect Kimi Code behavior

Review

• I reviewed the diff for non-Kimi regressions before opening this PR.
• No findings. The change surface stays inside the Kimi provider, its settings wiring, token resolution, config migration, docs, and targeted tests.
• Validation run locally:
  • swift build
  • swift test

Exact prompts used

1. https://github.com/steipete/codexbar I have this installed on my computer, and I want to make some changes to it so that I can monitor Kimi code. Can you look at this project, how it is structured, how it currently facilitates the monitoring of providers like Codex, and come up with a plan so that we can implement the correct monitoring for Kimi? https://platform.kimi.ai/docs/overview
2. https://www.kimi.com/code/docs/en/
3. Yeah, go ahead, give that a shot. You should be modifying my own local codex installation. Whenever I can give you the API key, I can. I have KimE CLI installed, so you can utilize that if needed.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1058e7030e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Honor configured Kimi API key in API fetch mode

KimiAPIFetchStrategy only checks ProviderTokenResolver.kimiAPIKey(environment: context.env), but this commit’s settings UI stores the Kimi key in providerConfig.apiKey. Because ProviderConfigEnvironment.applyAPIKeyOverride still has no .kimi case, that saved key never reaches context.env; users who pick API Key (or Auto without CLI OAuth creds) get missingToken unless they also set an env var. This makes the new in-app API key field ineffective for actual fetches.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Validate OAuth host override before force-unwrapping URL

oauthHost force-unwraps URL(string: raw)! for KIMI_CODE_OAUTH_HOST/KIMI_OAUTH_HOST. If that override is malformed or provided as a bare host (for example auth.kimi.com), the app will crash during token refresh in normal auto-fetch flow. This should fail gracefully (fallback/default or surfaced error) rather than terminating the process.

Useful? React with 👍 / 👎.