Show Codex Spark usage

[LeoLin990405]

Addresses #1177

Summary

• Decode Codex OAuth additional_rate_limits lossily per element so valid model-specific limits survive malformed siblings.
• Map Codex Spark into a stable named extra rate window without changing primary/session or weekly normalization.
• Respect the optional extra usage setting for Spark menu metrics and add parser/model coverage.

Tests

• swift build --target CodexBarCore
• swift test --filter CodexOAuthTests was attempted locally but SwiftPM failed before the filtered macOS tests because TestsLinux/JetBrainsParserLinuxTests.swift could not import Testing in this local toolchain.

Notes

• Scope is limited to Codex Spark extra rate windows, tests, and docs.
• No provider search/sidebar, reset-time display, Package.swift, or credential/auth changes are included.

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed May 28, 2026, 5:15 AM ET / 09:15 UTC.

Summary
The branch threads Codex additional_rate_limits through OAuth and OpenAI web dashboard usage into UsageSnapshot.extraRateWindows, renders Codex Spark behind the existing optional extra-usage setting, and adds tests/docs/changelog coverage.

Reproducibility: not applicable. as a bug reproduction; this is a feature PR. Source inspection confirms current main does not expose Codex Spark via additional_rate_limits, while the PR adds that path.

Review metrics: 2 noteworthy metrics.

• Diff size: 12 files, +832/-0. The change spans parser, dashboard, menu rendering, docs, changelog, and tests, so maintainers should review the full data path before merge.
• Test surface: 2 test files added, 2 extended. Focused coverage now exercises OAuth parsing, dashboard propagation, Codex menu gating, and a non-Codex extra-window regression.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🐚 platinum hermit
Result: blocked until stronger real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• [P1] Add redacted live proof from an account that returns Spark additional_rate_limits, such as the payload shape or CodexBar menu output.
• Refresh the PR body with the proof and latest commands/checks for head 4f9c902.

Proof guidance:

• [P1] Needs stronger real behavior proof before merge: The only live output is from an account whose additional_rate_limits was null, so no after-fix Spark behavior is shown; add a redacted Spark-enabled payload, log, terminal output, or menu screenshot and update the PR body to trigger re-review.

Risk before merge

• [P1] No posted evidence shows a Spark-enabled account returning additional_rate_limits or CodexBar rendering the Spark lane; the owner's live probe had no Spark data.
• [P1] The latest dashboard-path commit landed after the maintainer's focused local proof note, so fresh CI/checks should cover head 4f9c902 before merge.

Maintainer options:

1. Decide the mitigation before merge
   Keep this PR as the implementation candidate, then merge only after redacted Spark-enabled live proof and fresh head validation confirm the real payload and menu presentation.
2. Pause or close
   Do not merge this PR until maintainers decide whether the risk is worth taking.

Next step before merge

• [P1] Human review should wait for contributor or maintainer Spark-enabled live proof; no narrow automated code repair is apparent from source review.

Security
Cleared: The diff is limited to Swift parsing/model/rendering code plus tests/docs/changelog and does not add dependencies, scripts, permissions, or secret-handling changes.

Review details

Best possible solution:

Keep this PR as the implementation candidate, then merge only after redacted Spark-enabled live proof and fresh head validation confirm the real payload and menu presentation.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a bug reproduction; this is a feature PR. Source inspection confirms current main does not expose Codex Spark via additional_rate_limits, while the PR adds that path.

Is this the best way to solve the issue?

Yes, with a proof gate: reusing UsageSnapshot.extraRateWindows and the existing optional extra-usage setting is a narrow fit, but the real Spark payload shape and rendered menu still need live confirmation.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 529e25538a20.

Label changes

Label justifications:

• P2: This is a normal-priority feature improvement for Codex Spark usage visibility with limited blast radius and a proof gate before merge.
• rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🐚 platinum hermit.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs stronger real behavior proof before merge: The only live output is from an account whose additional_rate_limits was null, so no after-fix Spark behavior is shown; add a redacted Spark-enabled payload, log, terminal output, or menu screenshot and update the PR body to trigger re-review.

Evidence reviewed

Acceptance criteria:

• [P1] swift build --target CodexBarCore.
• [P1] swift test --filter CodexAdditionalRateLimitsTests.
• [P1] swift test --filter OpenAIDashboardSparkTests.
• [P1] swift test --filter MenuCardModelCodexProjectionTests.
• [P1] swift test --filter MenuCardAntigravityTests.

What I checked:

• Current main does not already implement this request: A current-main search finds existing Spark references only in local cost-history/pricing coverage, not in additional_rate_limits, Codex Spark, or codex-spark usage-window display paths. (529e25538a20)
• OAuth parser path: The PR adds CodexUsageResponse.additionalRateLimits and decodes additional_rate_limits lossily per element so malformed entries do not disturb primary/weekly parsing. (Sources/CodexBarCore/Providers/Codex/CodexOAuth/CodexOAuthUsageFetcher.swift:10, 4f9c902c2a71)
• Spark mapping path: The new mapper gives Spark a stable codex-spark id and maps usable additional-limit windows into NamedRateWindow values. (Sources/CodexBarCore/Providers/Codex/CodexAdditionalRateLimitMapper.swift:13, 4f9c902c2a71)
• Dashboard source path: The latest head forwards API-decoded extra windows through dashboard API data, dashboard snapshots, and attached-dashboard reconciliation. (Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardFetcher.swift:148, 4f9c902c2a71)
• Menu gating path: Codex extra windows are hidden when optional credits/extra usage is disabled, while non-Codex extra windows continue through the shared renderer. (Sources/CodexBar/MenuCardView+ModelHelpers.swift:170, 4f9c902c2a71)
• Regression coverage: The PR adds focused parser/dashboard tests and extends menu-model coverage for Codex Spark visibility plus an Antigravity non-regression case. (Tests/CodexBarTests/CodexAdditionalRateLimitsTests.swift:1, 4f9c902c2a71)

Likely related people:

• Peter Steinberger: Recent history shows work on Codex limit handling, OpenAI web stabilization, and the maintainer fixup/comment on this PR. (role: recent area contributor; confidence: high; commits: 32fd0ece80b9, 855945a8df20, 2444db2968b6; files: Sources/CodexBar/MenuCardView+ModelHelpers.swift, Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardFetcher.swift, Sources/CodexBarCore/Providers/Codex/CodexAdditionalRateLimitMapper.swift)
• Ratul Sarna: Earlier main history introduced the Codex reconciled usage state, Codex consumer projection, and OpenAI web extras structure this PR extends. (role: feature-history owner; confidence: medium; commits: 25ac79e8f599, c0df637e4b70, 0199e1ca9a00; files: Sources/CodexBarCore/Providers/Codex/CodexReconciledState.swift, Sources/CodexBar/Providers/Codex/CodexConsumerProjection.swift, Sources/CodexBarCore/OpenAIWeb/OpenAIDashboardFetcher.swift)
• LeoLin990405: The PR author also appears in prior merged main history as Zhongyue Lin for usage/widget and provider card work, so they are relevant beyond only opening this PR. (role: recent adjacent contributor; confidence: medium; commits: 9bd6b7ea0b59, 8fccb454acbb; files: Sources/CodexBar/UsageStore+WidgetSnapshot.swift, Sources/CodexBar/InlineUsageDashboardContent.swift, Sources/CodexBar/MenuCardView.swift)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d9eceaa309

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Avoid hiding non-optional extra rate windows

When showOptionalCreditsAndExtraUsage is off, this shared helper now drops every UsageSnapshot.extraRateWindows metric, not just the new Codex Spark row. The helper is also used by the generic/Antigravity menu paths, so users who disable Codex credits/Claude extras will also lose unrelated provider data such as Antigravity’s loss-free per-model quotas and Factory core rate-limit windows that are carried only in extraRateWindows. Scope the suppression to the optional Codex/Claude extras instead of the common renderer.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2444db2968

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Route Spark limits through web dashboard source

This maps additional_rate_limits only on the OAuth path. When users select Codex's OpenAI web dashboard source, OpenAIDashboardFetcher.fetchDashboardUsageAPI decodes the same wham/usage response, but dashboardAPIData copies only primary/secondary limits, credits, and plan into DashboardAPIData, and OpenAIDashboardSnapshot/fromAttachedDashboard have no extra-window field. As a result Spark limits returned by the API are discarded before the menu model sees them, so Spark usage remains missing for web-source users.

Useful? React with 👍 / 👎.

[steipete]

Maintainer pass update:

• Pushed fixup 2444db29 to keep the lossy additional_rate_limits decode plain, add the maintainer changelog entry, and clean up wording.
• Local focused proof is green:
  • swift test --filter CodexAdditionalRateLimitsTests
  • swift test --filter MenuCardModelCodexProjectionTests
  • swift test --filter MenuCardAntigravityTests
  • make check
  • autoreview clean against origin/main
• CI for 2444db29: Linux arm64 and Linux x64 are green; macOS lint-build-test passed lint and is still in broad Swift Test.

I also tried live proof with the local Codex OAuth account. The wham/usage request returned HTTP 200, but this account does not expose Spark data:

{
  "plan_type": "pro",
  "additional_rate_limits_type": "null",
  "additional_rate_limits_count": 0,
  "spark_limits": []
}

So the code/tests look good, but I am holding the merge until we have one Spark-enabled live proof item: either a redacted additional_rate_limits payload shape or a CodexBar menu screenshot from an account that returns Spark usage. Useful fields are limit_name, metered_feature, and the nested rate_limit.primary_window / secondary_window shape. Please redact ids, email, account ids, and tokens.

[steipete]

Maintainer follow-up for current head 4f9c902:

• Reviewed the new dashboard-path commit. It correctly threads decoded extra windows through DashboardAPIData -> DashboardScrapeData -> OpenAIDashboardSnapshot -> CodexReconciledState -> UsageSnapshot.extraRateWindows while preserving the existing rule that extras alone do not make a dashboard payload returnable.
• Local focused proof is green:
  • swift test --filter CodexAdditionalRateLimitsTests
  • swift test --filter OpenAIDashboardSparkTests
  • swift test --filter MenuCardModelCodexProjectionTests
  • swift test --filter MenuCardAntigravityTests
  • swift test --filter OpenAIDashboardModelsTests
  • swift test --filter CLIOpenAIDashboardCacheTests
  • make check
  • autoreview clean against origin/main
• CI for 4f9c902: Linux arm64 and x64 are green; macOS lint-build-test passed lint and is still in broad Swift Test.
• I also checked the screenshot on [Feature] Show Codex Spark usage #1177. It does show real separate GPT-5.3-Codex-Spark 5h/weekly quota behavior, but it is not a raw/redacted additional_rate_limits payload and not CodexBar menu proof.

So my current state is: code-ready, still proof-blocked for merge. The missing proof is one Spark-enabled live item from an account that actually returns Spark data: either a redacted additional_rate_limits payload shape, or a CodexBar menu screenshot showing the Spark lane from such an account.

[LeoLin990405]

Spark-enabled live proof for #1195.

I re-ran a live GET /backend-api/wham/usage request against a Spark-enabled Codex OAuth account and redacted the response down to only the structural fields requested. The request returned HTTP 200, and additional_rate_limits is present as a list with one Spark-like entry.

Redactions applied: no ids, email, account ids, tokens, cookies, authorization headers, or raw credential payloads are included.

{
  "ok": true,
  "status": 200,
  "plan_type": "pro",
  "additional_rate_limits_type": "list",
  "additional_rate_limits_count": 1,
  "spark_like_count": 1,
  "additional_rate_limits_redacted": [
    {
      "limit_name": "GPT-5.3-Codex-Spark",
      "metered_feature": "codex_bengalfox",
      "rate_limit": {
        "primary_window": {
          "used_percent": 0,
          "reset_at": 1779979845,
          "limit_window_seconds": 18000
        },
        "secondary_window": {
          "used_percent": 0,
          "reset_at": 1780566645,
          "limit_window_seconds": 604800
        }
      }
    }
  ]
}