Add OpenAI and Mistral API cost card support

[LeoLin990405]

Summary

• map OpenAI Admin API daily usage buckets into the existing cost-card token snapshot model
• enable OpenAI token-cost support and wire cost history menu/model lookups through provider descriptors
• make cost snapshots, charts, CLI payloads, and menu text currency-aware
• enable Mistral cost-card summaries from its billing usage snapshot using the reported current-month currency

Verification

• git diff --check
• swift build --target CodexBarCore
• swift build --product CodexBarCLI
• swiftc -parse -I .build/arm64-apple-macosx/debug/Modules Sources/CodexBar/InlineUsageDashboardContent.swift Sources/CodexBar/MenuCardView+Costs.swift Sources/CodexBar/PreferencesGeneralPane.swift Sources/CodexBar/CostHistoryChartMenuView.swift Sources/CodexBar/StatusItemController+HostedSubmenus.swift Sources/CodexBar/UsageStore.swift Sources/CodexBar/UsageStore+Refresh.swift Sources/CodexBar/UsageStore+TokenCost.swift
• swiftc -parse -I .build/arm64-apple-macosx/debug/Modules Tests/CodexBarTests/MistralUsageParserTests.swift Tests/CodexBarTests/MenuCardModelTests.swift

Notes

• Full app build is still blocked in this local Command Line Tools environment by KeyboardShortcuts #Preview requiring PreviewsMacros.
• swift test is also blocked locally before reaching these tests because TestsLinux imports Swift Testing in this toolchain environment.

[clawsweeper]

Codex review: needs real behavior proof before merge. Reviewed May 26, 2026, 11:50 AM ET / 15:50 UTC.

Summary
The branch maps OpenAI Admin API and Mistral billing usage into shared cost-history snapshots, cards, charts, widgets, CLI payloads, and focused tests.

Reproducibility: not applicable. this is a feature PR rather than a bug report. Source inspection and focused tests cover the model paths, but no live OpenAI/Mistral runtime reproduction proof is attached.

Review metrics: 3 noteworthy metrics.

• Diff scope: 34 files changed, +1126/-646. The PR spans core models, provider descriptors, menu rendering, widget payload/UI, CLI payloads, and tests, so runtime proof matters.
• Provider enablement: 2 providers enabled. OpenAI and Mistral are newly routed into the shared token-cost card path.
• Widget token payload: 3 fields added. currencyCode, sessionLabel, and last30DaysLabel affect persisted widget snapshot compatibility and visible cost labels.

Merge readiness
Overall: 🧂 unranked krab
Proof: 🧂 unranked krab
Patch quality: 🐚 platinum hermit
Result: blocked until real behavior proof is added.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• Attach redacted live OpenAI Admin API proof showing the refreshed cost-card/menu behavior.
• Attach redacted live Mistral billing proof showing currency, monthly/net spend, and latest billing-day labels.
• Include widget or menu proof if possible, with private organization, key, endpoint, and account details redacted.

Proof guidance:
Needs real behavior proof before merge: Missing: the PR body/comments list build and parse checks, and the contributor says redacted real OpenAI/Mistral runtime proof still needs to be attached; screenshots, recordings, terminal output, copied live output, linked artifacts, or redacted logs should be added with private details removed, then updating the PR body should trigger a fresh ClawSweeper review or a maintainer can comment @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Risk before merge

• Real provider proof is absent for live OpenAI Admin API and Mistral billing sessions, so tests do not yet prove the new cards render correct live organization data.
• The PR changes existing OpenAI API chart routing and extends the persisted widget snapshot cost payload; the code includes compatibility defaults, but upgrade/runtime behavior still needs proof before merge.

Maintainer options:

1. Require provider proof before merge (recommended)
   Ask for redacted live OpenAI Admin API and Mistral billing output showing the refreshed cost cards and widget/menu labels before landing.
2. Accept maintainer-owned runtime risk
   Maintainers could merge based on focused tests and own any provider-session or widget-upgrade fallout after release.

Next step before merge
The next action is contributor-supplied real provider proof and maintainer review of the compatibility-sensitive widget/provider routing; there is no narrow automated repair left from this pass.

Security
Cleared: No concrete security or supply-chain regression was found; the diff stays in Swift app/core/widget/test code and does not change workflows, dependencies, or credential storage.

Review details

Best possible solution:

Merge after redacted live OpenAI Admin API and Mistral billing proof confirms the app menu, shared cost card, and widget cost rendering behave correctly across fresh and upgraded state.

Do we have a high-confidence way to reproduce the issue?

Not applicable: this is a feature PR rather than a bug report. Source inspection and focused tests cover the model paths, but no live OpenAI/Mistral runtime reproduction proof is attached.

Is this the best way to solve the issue?

Unclear until real provider proof lands: routing both providers through the shared cost-history model looks maintainable and the prior code blockers appear addressed, but live billing/API behavior is still unverified.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against a56340cee86e.

Label changes

Label justifications:

• P2: This is a normal-priority user-facing provider cost-card feature with limited blast radius but broad app/widget surface.
• merge-risk: 🚨 compatibility: The PR changes OpenAI cost-history routing and extends persisted widget cost payloads, which needs upgrade/runtime proof beyond CI.
• rating: 🧂 unranked krab: Overall readiness is 🧂 unranked krab; proof is 🧂 unranked krab and patch quality is 🐚 platinum hermit.
• status: 📣 needs proof: The PR needs real behavior proof before ClawSweeper can clear the contributor ask. Needs real behavior proof before merge: Missing: the PR body/comments list build and parse checks, and the contributor says redacted real OpenAI/Mistral runtime proof still needs to be attached; screenshots, recordings, terminal output, copied live output, linked artifacts, or redacted logs should be added with private details removed, then updating the PR body should trigger a fresh ClawSweeper review or a maintainer can comment @clawsweeper re-review. After adding proof, update the PR body; ClawSweeper should re-review automatically. If it does not, the PR author or someone with repository write access can comment @clawsweeper re-review.

Evidence reviewed

What I checked:

• Current main lacks this provider cost-card enablement: The PR diff flips OpenAI and Mistral provider descriptors from supportsTokenCost false to true, so the central feature is not already implemented on current main. (Sources/CodexBarCore/Providers/OpenAI/OpenAIAPIProviderDescriptor.swift:32, 060a9fd11264)
• Provider-derived cost snapshots are wired through shared token-cost models: The PR adds UsageStore projection from OpenAI API and Mistral provider snapshots into CostUsageTokenSnapshot, which is the shared cost-card data model. (Sources/CodexBar/UsageStore+TokenCost.swift:31, 060a9fd11264)
• Widget upgrade path has explicit legacy decoding: WidgetSnapshot.TokenUsageSummary gains currency and label fields with defaulted decoding, reducing but not eliminating the need for upgrade proof. (Sources/CodexBarCore/WidgetSnapshot.swift:49, 060a9fd11264)
• Previous Mistral net-spend blocker appears addressed: A follow-up commit changed Mistral monthly cost to preserve net totalCost and added a focused test for credits/adjustments. (Tests/CodexBarTests/MistralUsageParserTests.swift:266, 7ec3c1b33882)
• Real behavior proof is still missing: The contributor comment at Add OpenAI and Mistral API cost card support #1163 (comment) says redacted real OpenAI/Mistral runtime proof still needs to be attached separately.
• Whitespace check passes on the PR diff: git diff --check produced no output for the PR range.

Likely related people:

• steipete: Peter Steinberger owns most current-main history in cost usage, OpenAI API usage dashboards, provider tracking, and also authored several follow-up fixes on this PR head. (role: recent area contributor; confidence: high; commits: 333d584a4950, 480a8d3c4801, d715648cf23d; files: Sources/CodexBar/UsageStore+TokenCost.swift, Sources/CodexBarCore/CostUsageModels.swift, Sources/CodexBarCore/Providers/OpenAI/OpenAIAPIUsageSnapshot.swift)
• Mathieu Santostefano: Git history shows the Mistral provider was introduced in the relevant provider path by this contributor. (role: original provider contributor; confidence: medium; commits: 47a4776e914d; files: Sources/CodexBarCore/Providers/Mistral/MistralModels.swift, Sources/CodexBarCore/Providers/Mistral/MistralProviderDescriptor.swift)
• Ratul Sarna: Git history links this contributor to widget, history, icon, and menu-bar projection work adjacent to the widget snapshot path changed here. (role: adjacent widget/projection contributor; confidence: medium; commits: f7e7e933d160; files: Sources/CodexBarCore/WidgetSnapshot.swift, Sources/CodexBar/UsageStore+WidgetSnapshot.swift, Sources/CodexBarWidget/CodexBarWidgetViews.swift)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bacbddd17a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Include OpenAI account scope in token-cost cache key

Adding .openai to the provider-specific environment here makes token-cost fetches account-scoped, but the TTL gate still keys only on provider + historyDays (lastTokenFetchScope), so switching OpenAI token accounts can keep showing the previous account’s cost history for up to an hour. This is reproducible via the token-account switcher path (which refreshes provider usage but does not force token-cost refresh), and it causes stale/wrong org usage to be presented after account changes.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5c76a41dc7

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Propagate Mistral currency into widget cost rendering

By enabling Mistral token-cost support here, Mistral snapshots now feed widget token-cost UI, but widget data/formatting still assumes USD (WidgetSnapshot.TokenUsageSummary has no currency field and WidgetFormat.costAndTokens calls WidgetFormat.usd). This causes non-USD Mistral organizations (for example EUR billing) to be displayed with $ in widget Today/30d cost labels, which is a user-facing accuracy regression introduced by turning this provider path on.

Useful? React with 👍 / 👎.

[LeoLin990405]

Thanks for the cleanup and review. I pushed a small follow-up for the concrete code/docs blockers:

• Clamp negative Mistral billing adjustment values before building the shared cost snapshot, including daily and model-breakdown costs.
• Remove the release-owned CHANGELOG entry and keep the release-note context in the PR body instead.
• Add a focused Mistral conversion test covering negative billing adjustments.

Verification from my local environment:

• git diff --check
• swift build --target CodexBarCore
• swift build --product CodexBarCLI
• swiftc -parse -I .build/arm64-apple-macosx/debug/Modules Tests/CodexBarTests/MistralUsageParserTests.swift Sources/CodexBarCore/Providers/Mistral/MistralModels.swift

Still blocked locally, same as before:

• swift test stops before the focused test because TestsLinux imports Swift Testing in this toolchain environment.
• swift build --target CodexBar stops in KeyboardShortcuts #Preview because PreviewsMacros is unavailable in this local Command Line Tools setup.
• make check: SwiftFormat reports 0/951 files needing formatting, then SwiftLint crashes loading sourcekitdInProc.framework locally.

I am not asking ClawSweeper for re-review yet because the requested redacted real OpenAI/Mistral runtime proof still needs to be attached separately.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 060a9fd112

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Gate widget cost snapshot behind cost-usage preference

This new projection path populates widget token/cost data directly from provider snapshots even when costUsageEnabled is off, because it bypasses the tokenSnapshots map that is normally cleared/withheld by the setting. In practice, OpenAI/Mistral widgets can still show Today/30d cost metrics after the user disables cost usage, which is inconsistent with the rest of the UI’s isCostUsageEffectivelyEnabled gating and can surprise users who explicitly turned this feature off.

Useful? React with 👍 / 👎.