feat: add ClinePass usage provider #1896

Open
JagravNaik wants to merge 7 commits into steipete:main from JagravNaik:feat/clinepass-provider-v2

JagravNaik commented Jul 4, 2026

Summary

Adds a new ClinePass provider to CodexBar, surfacing Cline's flat-rate subscription usage as three rolling percentage bars (5-hour, weekly, monthly) with reset countdowns, plus plan name and account email.

Data source

Three Cline account API endpoints behind a single CLINE_API_KEY (Bearer auth, {success,data,error} envelope):

  • GET /api/v1/users/me → account email
  • GET /api/v1/users/me/plan → plan displayName
  • GET /api/v1/users/me/plan/usage-limits → server-computed { type, percentUsed, resetsAt } per window (five_hour / weekly / monthly)

The /plan and /plan/usage-limits endpoints are dashboard-derived (extracted from the Cline web dashboard's JavaScript bundle — not in Cline's published Enterprise API Reference). The usage-limits fetch is best-effort: a 404 or transient failure degrades to showing plan name + email without usage windows rather than failing the whole fetch.

Concurrency

The three reads are independent (all use the literal me path) and run concurrently via withThrowingTaskGroup, collapsing three serialized round trips into one (~0.7s → ~0.25s). The user and plan fetches are required; limits catches its own errors without aborting the group.

Wiring

Follows the CrossModel/OpenRouter pattern: custom ClinePassUsageSnapshot field on UsageSnapshot (6 Codable sites), ProviderDescriptor registry, ProviderImplementationRegistry, ProviderTokenResolver, ProviderConfigEnvironment, ProviderDiagnosticExport, CostUsageScanner, LogCategories, TokenAccountSupportCatalog, widget display name/color, CLI diagnose, and docs/providers.md (count 57 → 58).

Hardening

  • parseTimestamp uses a two-formatter approach (withFractionalSeconds then plain) to handle timezone offsets (Z, +HH:mm, +HHmm) that the original truncating parser silently dropped.
  • ClinePassUserDTO drops the unused id field (fetched but never consumed — every endpoint uses literal me).
  • ClinePassUsageError.networkError removed (dead code, never thrown).
  • Endpoint override validation rejects non-HTTPS/non-loopback URLs before attaching credentials; same-origin validation on every response rejects cross-origin redirects.

Commands run

  • swift build -c release — clean
  • swift build — clean (after rebasing onto latest main with ClawRouter provider)
  • ./Scripts/regenerate-codex-parser-hash.sh — hash updated to 75eb44533cdd6d4c
  • App packaged via ./Scripts/package_app.sh and launched — confirmed running

Tests

13 core tests (ClinePassUsageStatsTests): snapshot mapping, full fetch flow, pagination, 401/envelope-error/cross-origin rejection, Codable round-trip, timestamp parsing. Plus menu descriptor, CLI output, CLI diagnose, config env, diagnostic export, icon resources, providers pane, token account precedence, and debug log coverage.

Note: swift test hits a known Sparkle @rpath dlopen environmental quirk (documented in prior sessions). Tests pass when run via xcrun xctest with the framework rpath resolved. Two parallel code reviewers (core layer + app layer) both returned APPROVE with no blockers.

Screenshots

Enable ClinePass in Settings → Providers → ClinePass, paste your API key (created at app.cline.bot → Settings → API Keys). The menu bar shows the 5-hour window percentage; the menu card shows all three windows with reset countdowns, plan name, and account email.

Menu card — ClinePass with the Cline bot logo, plan name, and all three usage windows (account email redacted):

ClinePass menu card in CodexBar

Settings → Providers pane - Source: api, Plan: Cline Pass (Monthly), the three usage windows, and the Menu bar metric picker:

ClinePass settings pane in CodexBar

Review fix (base-URL normalization)

Addresses the Codex + ClawSweeper review on the prior PR: when CLINE_API_BASE_URL is set to Cline's documented versioned root (https://api.cline.bot/api/v1), the endpoint builder previously preserved that path and appended another /api/v1, producing /api/v1/api/v1/users/me so every account read 404'd. endpoint() now normalizes the base path — strips a trailing slash and a trailing /api/v1 (case-insensitive) before appending the versioned suffix — so both the bare host and the versioned root resolve to the same URL; host-level prefixes (e.g. a reverse-proxy /gateway) are preserved. Added normalizedBasePath unit coverage and a doubled-path regression test. Verified live against api.cline.bot with a versioned base URL.


Supersedes #1888 (recreated on a clean branch with tidied commit history; same diff).
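
Added example (not code from this PR or from CodexBar): a sketch of the three guards described under "Hardening" and "Review fix", namely HTTPS-or-loopback validation before the bearer token is attached, base-path normalization, and a same-origin check on the response. All type and function names are hypothetical apart from `normalizedBasePath` and `endpoint`, which only borrow the names the description uses; the inputs are constructed.

```swift
import Foundation
#if canImport(FoundationNetworking)
import FoundationNetworking   // URLRequest/URLResponse live here on Linux
#endif

enum EndpointError: Error {
    case invalidBaseURL
    case insecureBaseURL      // neither HTTPS nor a loopback host
    case crossOriginResponse  // response URL left the configured origin
}

func isLoopback(_ host: String) -> Bool {
    // Some Foundation versions report IPv6 hosts with brackets; strip them.
    let h = host.lowercased().trimmingCharacters(in: CharacterSet(charactersIn: "[]"))
    return h == "localhost" || h == "127.0.0.1" || h == "::1"
}

/// Strip trailing slashes and one trailing "/api/v1" (any case); keep other prefixes.
func normalizedBasePath(_ path: String) -> String {
    var p = path
    while p.hasSuffix("/") { p.removeLast() }
    let versioned = "/api/v1"
    if p.suffix(versioned.count).lowercased() == versioned {
        p.removeLast(versioned.count)
        while p.hasSuffix("/") { p.removeLast() }
    }
    return p
}

/// Validate the (possibly user-overridden) base URL, then build the endpoint.
func endpoint(base: String, path: String) throws -> URL {
    guard var comps = URLComponents(string: base),
          let scheme = comps.scheme?.lowercased(),
          let host = comps.host, !host.isEmpty
    else { throw EndpointError.invalidBaseURL }
    guard scheme == "https" || (scheme == "http" && isLoopback(host)) else {
        throw EndpointError.insecureBaseURL
    }
    comps.path = normalizedBasePath(comps.path) + "/api/v1/" + path
    comps.query = nil
    comps.fragment = nil
    guard let url = comps.url else { throw EndpointError.invalidBaseURL }
    return url
}

/// The credential is attached only after endpoint() has accepted the base URL.
func authorizedRequest(base: String, path: String, apiKey: String) throws -> URLRequest {
    let url = try endpoint(base: base, path: path)
    var request = URLRequest(url: url)
    request.httpMethod = "GET"
    request.setValue("Bearer \(apiKey)", forHTTPHeaderField: "Authorization")
    return request
}

struct Origin: Equatable {
    let scheme: String, host: String, port: Int
    init?(_ url: URL) {
        guard let s = url.scheme?.lowercased(), let h = url.host?.lowercased() else { return nil }
        scheme = s
        host = h
        port = url.port ?? (s == "https" ? 443 : 80)
    }
}

/// Reject a response whose URL (after any redirects) is not the origin we asked.
func checkSameOrigin(request: URL, response: URLResponse) throws {
    guard let landed = response.url,
          let asked = Origin(request), let got = Origin(landed), asked == got
    else { throw EndpointError.crossOriginResponse }
}

// Constructed inputs: bare host, versioned root, reverse-proxy prefix.
for base in ["https://api.cline.bot",
             "https://api.cline.bot/api/v1/",
             "https://proxy.example/gateway/API/V1"] {
    let url = try endpoint(base: base, path: "users/me")
    print(base, "->", url.absoluteString)
}

// A plain-HTTP, non-loopback override is refused before a request exists.
do {
    _ = try authorizedRequest(base: "http://api.cline.bot", path: "users/me", apiKey: "constructed-key")
} catch {
    print("override rejected:", error)
}

// A response that landed on another host is refused.
let asked = URL(string: "https://api.cline.bot/api/v1/users/me")!
let elsewhere = URLResponse(url: URL(string: "https://elsewhere.example/api/v1/users/me")!,
                            mimeType: nil, expectedContentLength: 0, textEncodingName: nil)
do {
    try checkSameOrigin(request: asked, response: elsewhere)
} catch {
    print("response rejected:", error)
}
```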

Add support for ClinePass, Cline's flat-rate subscription, surfacing
its three rolling usage windows (5-hour, weekly, monthly) as percentage
bars with reset countdowns, plus plan name and account email.

Data source: three Cline account API endpoints behind a single
CLINE_API_KEY (Bearer auth, {success,data,error} envelope):
  - GET /api/v1/users/me           -> account email
  - GET /api/v1/users/me/plan      -> plan displayName
  - GET /api/v1/users/me/plan/usage-limits -> server-computed
    { type, percentUsed, resetsAt } per window (five_hour/weekly/monthly)

The /plan and /plan/usage-limits endpoints are dashboard-derived (not
in Cline's published Enterprise API Reference); usage-limits is fetched
best-effort so a 404 or transient failure degrades to showing plan name
+ email without usage windows rather than failing the whole fetch.

The three reads are independent (all use the literal 'me' path) and run
concurrently via withThrowingTaskGroup, collapsing three serialized
round trips into one (~0.7s -> ~0.25s). The user and plan fetches are
required; limits catches its own errors without aborting the group.

Wiring follows the CrossModel/OpenRouter pattern: custom
ClinePassUsageSnapshot field on UsageSnapshot (6 Codable sites),
ProviderDescriptor registry, ProviderImplementationRegistry,
ProviderTokenResolver, ProviderConfigEnvironment,
ProviderDiagnosticExport, CostUsageScanner, LogCategories,
TokenAccountSupportCatalog, widget display name/color, CLI diagnose,
and docs/providers.md (count 57 -> 58).

Additional hardening vs the initial implementation:
  - parseTimestamp uses a two-formatter approach (withFractionalSeconds
    then plain) to handle timezone offsets (Z, +HH:mm, +HHmm) that the
    original truncating parser silently dropped.
  - ClinePassUserDTO drops the unused 'id' field (fetched but never
    consumed — every endpoint uses literal 'me').
  - ClinePassUsageError.networkError removed (dead code, never thrown).
  - Endpoint override validation rejects non-HTTPS/non-loopback URLs
    before attaching credentials; same-origin validation on every
    response rejects cross-origin redirects.

Tests: 13 core tests (snapshot mapping, full fetch flow, pagination,
401/envelope-error/cross-origin rejection, Codable round-trip, timestamp
parsing) plus menu descriptor, CLI output, CLI diagnose, config env,
diagnostic export, icon resources, providers pane, token account
precedence, and debug log coverage.

Docs: docs/clinepass.md, docs/providers.md updated.

Addresses PR steipete#1888 review (Codex + ClawSweeper): when CLINE_API_BASE_URL is
set to Cline's documented versioned root (https://api.cline.bot/api/v1), the
endpoint builder preserved that path and appended another /api/v1, producing
/api/v1/api/v1/users/me so every account read 404'd.

endpoint() now strips a trailing slash and a trailing /api/v1 (case-insensitive)
from the base path before appending the versioned suffix, so both the bare host
and the versioned root resolve to the same URL. Host-level prefixes (e.g. a
reverse-proxy /gateway) are preserved.

Adds unit coverage for normalizedBasePath edge cases and an integration test
asserting a versioned base URL never yields a doubled /api/v1 path.

clawsweeper Bot commented Jul 4, 2026

Codex review: found issues before merge. Reviewed July 4, 2026, 4:44 PM ET / 20:44 UTC.

Summary
The branch adds a ClinePass API-key usage provider with account/plan/quota-window fetching, provider/settings/CLI/widget/docs wiring, icon resources, and focused tests.

Reproducibility: not applicable, as a feature PR. Current-main source inspection confirms the provider is absent, and the posted screenshots show the proposed provider rendering after a live setup.

Review metrics: 2 noteworthy metrics.

  • Diff surface: 36 files, +1514/-6. The provider touches core, app, widget, CLI, docs, generated parser hash, and tests, so review needs to cover end-to-end wiring.
  • New account reads: 3 Cline GET endpoints. All three requests use the same bearer token and depend on the Cline account endpoint contract.

Root-cause cluster
Relationship: fixed_by_candidate
Canonical: #1786
Summary: This PR is a candidate implementation for the open ClinePass provider feature request; the shared remaining blocker is maintainer acceptance of the ClinePass quota/auth contract.

Members:

Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything.

Merge readiness
Overall: 🦐 gold shrimp
Proof: 🦞 diamond lobster ✨ media proof bonus
Patch quality: 🦐 gold shrimp
Result: needs maintainer review before merge.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • Get maintainer-visible acceptance of the dashboard-derived ClinePass quota endpoint or switch to a supported API/scopes contract.

Risk before merge

  • [P1] The provider would depend on dashboard-derived /plan and /plan/usage-limits endpoints; if Cline changes or removes them, users lose the quota windows despite green local tests.
  • [P1] Merging makes CLINE_API_KEY and CLINE_API_BASE_URL an accepted CodexBar provider contract before the repository owner has signed off on the auth/provider surface.

Maintainer options:

  1. Confirm the ClinePass quota contract (recommended)
    Get maintainer-visible acceptance or upstream confirmation that the quota endpoints and API-key scopes are supported enough for CodexBar core before merge.
  2. Accept the dashboard endpoint explicitly
    Maintainers can choose to own the dashboard-derived endpoint risk now that the implementation has screenshots and focused tests.
  3. Pause until Cline publishes the contract
    If undocumented quota APIs are not acceptable in core, pause or close this branch and keep the linked feature request as the canonical tracker.

Next step before merge

  • [P2] Maintainer review is needed because the remaining blocker is whether CodexBar core may depend on the dashboard-derived ClinePass quota endpoint, not an automatable code repair.

Security
Cleared: No concrete supply-chain or credential-exfiltration defect was found; the credential route has endpoint override and same-origin guards, with the remaining concern tracked as provider-contract merge risk.

Review findings

  • [P2] Use a supported ClinePass quota contract — Sources/CodexBarCore/Providers/ClinePass/ClinePassUsageStats.swift:305

Review details

Best possible solution:

Land the provider only after maintainers accept the ClinePass API-key quota endpoint contract, or keep #1786 open until Cline documents or supports it.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a feature PR. Current-main source inspection confirms the provider is absent, and the posted screenshots show the proposed provider rendering after a live setup.

Is this the best way to solve the issue?

Unclear until maintainers accept the endpoint contract. The implementation is narrow and follows existing provider patterns, but related owner guidance requested a supported ClinePass quota contract before code lands.

Full review comments:

  • [P2] Use a supported ClinePass quota contract — Sources/CodexBarCore/Providers/ClinePass/ClinePassUsageStats.swift:305
    Re-raising the prior blocker: this still calls the dashboard-derived /api/v1/users/me/plan/usage-limits endpoint, while the related owner audit asks for a supported third-party quota contract before code lands. Until a maintainer explicitly accepts this endpoint risk or the provider switches to a supported API/scopes contract, merging would make core ClinePass usage depend on an undocumented auth/provider surface.
    Confidence: 0.87

Overall correctness: patch is incorrect
Overall confidence: 0.86

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against 23e2d30d3cbe.

Label changes

Label justifications:

  • P3: This is an optional new provider feature, not a regression or blocked core workflow.
  • merge-risk: 🚨 auth-provider: The PR adds new Cline API-key resolution, endpoint override handling, bearer-token account reads, and provider selection behavior.
  • rating: 🦐 gold shrimp: Overall readiness is 🦐 gold shrimp; proof is 🦞 diamond lobster and patch quality is 🦐 gold shrimp.
  • status: ⏳ waiting on author: ClawSweeper has contributor-facing work open and is waiting for author action. Sufficient (screenshot): Screenshots show the after-fix ClinePass menu card and Settings pane with redacted account, plan, and all three usage windows.
  • proof: sufficient: Contributor real behavior proof is sufficient. Screenshots show the after-fix ClinePass menu card and Settings pane with redacted account, plan, and all three usage windows.
  • proof: 📸 screenshot: Contributor real behavior proof includes screenshot evidence. Screenshots show the after-fix ClinePass menu card and Settings pane with redacted account, plan, and all three usage windows.

Evidence reviewed

What I checked:

  • Repository policy applied: AGENTS.md was read fully; its guidance on provider tests, avoiding live provider probes without explicit request, concurrency review, and provider data siloing shaped this review. (AGENTS.md:26, 23e2d30d3cbe)
  • Current main lacks ClinePass: A current-main search found no Cline/ClinePass provider code, and UsageProvider currently ends this section with crossmodel and clawrouter, so this PR is not obsolete. (Sources/CodexBarCore/Providers/Providers.swift:58, 23e2d30d3cbe)
  • Dashboard-derived endpoint remains: The PR itself documents that /plan and /plan/usage-limits are not in Cline's published Enterprise API Reference and were extracted from the dashboard bundle. (Sources/CodexBarCore/Providers/ClinePass/ClinePassUsageStats.swift:14, 1c765615236a)
  • Quota call implementation: The provider builds and calls /api/v1/users/me/plan/usage-limits for the ClinePass quota windows. (Sources/CodexBarCore/Providers/ClinePass/ClinePassUsageStats.swift:305, 1c765615236a)
  • Related owner audit: The linked feature request has an owner comment saying accurate ClinePass support needs a supported quota endpoint, auth/scopes proof, and confirmation that API keys are intended for third-party clients before code lands.
  • Real behavior proof inspected: Downloaded and inspected the PR screenshots; they show a ClinePass menu card and Settings provider pane with redacted account, plan name, and all three usage windows rendered.

Likely related people:

  • steipete: He gave the related ClinePass contract audit and recent history/blame ties him to provider registry and config-environment changes in the same area. (role: product direction commenter and recent provider contributor; confidence: high; commits: efb7839ddf99, e437044c32ba; files: Sources/CodexBarCore/Providers/ProviderDescriptor.swift, Sources/CodexBarCore/Config/ProviderConfigEnvironment.swift, Sources/CodexBar/Providers/Shared/ProviderImplementationRegistry.swift)
  • JC: JC introduced the CrossModel provider pattern that this PR cites and mirrors for API-token fetching, snapshots, endpoint validation, and descriptor wiring. (role: adjacent provider-pattern author; confidence: medium; commits: 0a18391e1838; files: Sources/CodexBarCore/Providers/CrossModel/CrossModelUsageStats.swift, Sources/CodexBarCore/Providers/CrossModel/CrossModelProviderDescriptor.swift)

What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Review history (6 earlier review cycles)
  • reviewed 2026-07-04T15:39:59.827Z sha 39b8d0c :: needs maintainer review before merge. :: none
  • reviewed 2026-07-04T15:59:48.686Z sha bf89ddf :: needs maintainer review before merge. :: none
  • reviewed 2026-07-04T16:22:30.916Z sha 321361b :: needs changes before merge. :: [P1] Restore the cost-comparison setting
  • reviewed 2026-07-04T16:28:57.615Z sha 321361b :: found issues before merge. :: [P2] Use a supported ClinePass quota contract
  • reviewed 2026-07-04T16:33:48.119Z sha 321361b :: found issues before merge. :: [P2] Use a supported ClinePass quota contract
  • reviewed 2026-07-04T17:14:45.669Z sha 321361b :: found issues before merge. :: [P2] Use a supported ClinePass quota contract

clawsweeper Bot added labels on Jul 4, 2026:

  • proof: sufficient (Contributor real behavior proof is sufficient.)
  • rating: 🐚 platinum hermit (Good normal PR readiness with ordinary maintainer review expected.)
  • status: 👀 ready for maintainer look (ClawSweeper has no concrete contributor-facing blocker left for this PR.)
  • P3 (Low-risk cleanup, docs, polish, ergonomics, or speculative feature.)
  • merge-risk: 🚨 auth-provider (🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials.)

Replace the placeholder ticket glyph with Cline's official bot logomark
(from cline.bot/brand, Bot icon SVG), simplified to a single
currentColor path so it renders as a menu-bar template image and recolors
to the label color like every other provider icon.

chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 39b8d0cec8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread: Sources/CodexBarCore/Providers/ClinePass/ClinePassUsageStats.swift

Addresses PR steipete#1896 Codex review (P2): the /plan/usage-limits task's
best-effort catch converted a cancelled refresh into .limits(nil), so
fetchUsage returned a successful partial snapshot (plan + email, no
windows) that the caller then recorded instead of suppressing the
cancelled refresh.

The catch now rethrows CancellationError and cancelled URLError, and
checks Task.isCancelled before treating a limits failure as best-effort
— matching the CrossModel fetcher's cancellation handling. Only genuine
endpoint failures (404/transient) still degrade to plan + email.

Adds two regression tests asserting a cancelled limits request
propagates CancellationError rather than yielding a partial snapshot.

@JagravNaik (Author)

Review follow-ups

1. Cancellation (Codex P2) — fixed in bf89ddf.
The best-effort /plan/usage-limits catch now rethrows CancellationError / cancelled URLError and checks Task.isCancelled before degrading, so a cancelled refresh propagates instead of being recorded as a partial snapshot. +2 regression tests.

2. Quota-window contract (addresses @steipete's audit on #1786 and ClawSweeper's rank-up P2).

The audit correctly noted that Cline's published Enterprise API Reference only documents /balance + /usages (a credit balance/transaction contract whose ClineAccountBalance = {balance, userId} cannot represent the three ClinePass windows). This PR does not use those endpoints. It uses the endpoint the Cline dashboard itself calls for its "Usage limits" page:

  • GET /api/v1/users/me/plan/usage-limits → { data: { limits: [{ type, percentUsed, resetsAt }] } }, type ∈ five_hour / weekly / monthly.

This returns server-computed used%/reset per window — exactly the "map each to a CodexBar RateWindow" shape the audit's "smallest safe implementation" describes.

Design decisions matching the audit's guardrails:

  • Auth: explicit CLINE_API_KEY (Settings → Providers → ClinePass, or env). No implicit import of Cline OAuth refresh tokens or browser sessions.
  • Mapping: the three windows → primary/secondary/tertiary RateWindows (5h/7d/30d), percentUsed clamped 0–100; null percent omits the window rather than showing 0%.
  • Degradation: /users/me + /plan are required; /plan/usage-limits is best-effort (404/transient → plan + email, no fabricated windows).

Live verification (real ClinePass account at api.cline.bot):

5-hour:  0% left   Resets in 3h 18m
Weekly:  25% left  Resets in 6d 4h
Monthly: 63% left  Resets in 29d 4h
Account: <redacted>
Plan:    Cline Pass (Monthly)

All three endpoints return 200; the percentages match the Cline web dashboard's Usage limits page exactly.

Caveat for maintainer sign-off: /plan/usage-limits is dashboard-derived, not in Cline's published API reference, so it carries the same contract-stability risk as several existing dashboard-backed providers (e.g. Codex web, Cursor). If you'd prefer to gate on Cline publishing it officially, that's a reasonable call — flagging it explicitly rather than leaving it implicit.

@JagravNaik (Author)

@clawsweeper re-review — Codex P2 (cancellation) fixed in bf89ddf with regression tests; quota-window contract + live verification documented above.

clawsweeper Bot commented Jul 4, 2026

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

clawsweeper Bot added and removed labels on Jul 4, 2026:

  • Added: proof: sufficient; rating: 🐚 platinum hermit; status: 👀 ready for maintainer look; merge-risk: 🚨 auth-provider
  • Removed: proof: sufficient; status: 👀 ready for maintainer look; rating: 🐚 platinum hermit; merge-risk: 🚨 auth-provider

@JagravNaik (Author)

@codex review

@chatgpt-codex-connector

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

The prior cancellation tests threw CancellationError / URLError.cancelled
synchronously, exercising only the two typed catch arms. Add an
end-to-end test that cancels the parent refresh while /plan/usage-limits
is genuinely in flight and the transport then fails with a GENERIC error
(URLError.timedOut) — the case the `if Task.isCancelled` guard exists
for. An actor gate cancels only once the limits request is in flight to
avoid a dispatch/cancel race.

Verified load-bearing: with the Task.isCancelled guard removed the test
fails (a partial plan+email snapshot is returned instead of propagating
cancellation); with it restored, all 20 ClinePass tests pass.
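
Added example (not code from this PR or from CodexBar): a sketch of the best-effort limits task described in the cancellation commit messages above, showing the two typed rethrows plus the `Task.isCancelled` guard that keeps a generic transport error during a cancelled refresh from becoming a partial snapshot. The types, the closure-based fetchers and the sleep-based timing are assumptions for illustration; the PR's own test uses an actor gate rather than sleeps.

```swift
import Foundation

struct Window: Sendable { let type: String; let percentUsed: Double }
struct Snapshot: Sendable { let email: String; let plan: String; let windows: [Window]? }

private enum Part: Sendable { case email(String), plan(String), limits([Window]?) }

/// Three concurrent reads: email and plan are required, limits is best-effort.
func fetchSnapshot(
    email: @escaping @Sendable () async throws -> String,
    plan: @escaping @Sendable () async throws -> String,
    limits: @escaping @Sendable () async throws -> [Window]
) async throws -> Snapshot {
    try await withThrowingTaskGroup(of: Part.self) { group in
        group.addTask { let e = try await email(); return .email(e) }
        group.addTask { let p = try await plan(); return .plan(p) }
        group.addTask {
            do {
                let w = try await limits()
                return .limits(w)
            } catch is CancellationError {
                throw CancellationError()            // cancelled refresh: propagate
            } catch let e as URLError where e.code == .cancelled {
                throw e                              // transport-level cancellation: propagate
            } catch {
                // A generic failure (e.g. a timeout) that arrives while the parent
                // is cancelled must not be mistaken for "endpoint unavailable".
                if Task.isCancelled { throw CancellationError() }
                return .limits(nil)                  // genuine 404/transient: degrade
            }
        }
        var e: String?, p: String?, w: [Window]?
        for try await part in group {
            switch part {
            case .email(let v): e = v
            case .plan(let v): p = v
            case .limits(let v): w = v
            }
        }
        guard let e, let p else { throw URLError(.badServerResponse) }
        return Snapshot(email: e, plan: p, windows: w)
    }
}

// Constructed scenario: the refresh is cancelled while the limits request is in
// flight, and the transport then reports a generic timeout.
let refresh = Task {
    try await fetchSnapshot(
        email: { "user@example.invalid" },
        plan: { "Cline Pass (Monthly)" },
        limits: {
            _ = try? await Task.sleep(nanoseconds: 200_000_000)  // swallows the cancellation
            throw URLError(.timedOut)
        })
}
_ = try? await Task.sleep(nanoseconds: 50_000_000)
refresh.cancel()
do {
    let snapshot = try await refresh.value
    print("snapshot recorded, windows:", snapshot.windows?.count ?? 0)
} catch {
    print("refresh aborted:", error)
}
```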

JagravNaik added a commit to JagravNaik/CodexBar that referenced this pull request Jul 4, 2026
JagravNaik added a commit to JagravNaik/CodexBar that referenced this pull request Jul 4, 2026

@JagravNaik (Author)

@clawsweeper re-review — added behavior-proof screenshots to the PR description (menu card + Settings → Providers pane, both showing the live ClinePass usage windows against a real account, email redacted).

clawsweeper Bot commented Jul 4, 2026

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

clawsweeper Bot added and removed labels on Jul 4, 2026:

  • Added: proof: 📸 screenshot (Contributor real behavior proof includes screenshot evidence.); rating: 🦐 gold shrimp (Decent PR readiness signal, but merge confidence is limited.); status: ⏳ waiting on author (ClawSweeper has contributor-facing work open and is waiting for author action.)
  • Removed: rating: 🐚 platinum hermit; status: 👀 ready for maintainer look

@JagravNaik (Author)

Maintainer decision needed: ClinePass quota endpoint

@steipete — this PR is blocked on one call that only you can make (per your contract audit on #1786), so here's the decision teed up. No further code change will move it.

The one open question

ClinePass exposes its 5-hour / weekly / monthly usage windows only through GET /api/v1/users/me/plan/usage-limits. That endpoint is not in Cline's published Enterprise API Reference — I found it by inspecting the Cline web dashboard's own JS bundle, since the documented /balance + /usages endpoints (which your audit correctly identified) return only a credit balance and cannot represent the three windows.

So there is currently no Cline-published quota API to target. The feature is only implementable today via this dashboard-derived endpoint.

How the PR respects your audit's guardrails

  • Explicit API key only (CLINE_API_KEY) — no implicit import of Cline OAuth refresh tokens or browser sessions.
  • Sanitized/degrading: same-origin validation on every response; /plan/usage-limits is best-effort, so a 404/removal degrades to plan + email (no fabricated windows), never a hard failure.
  • Precedent: several shipped providers already depend on dashboard-derived endpoints (e.g. Codex web, Cursor), so this isn't a new risk category for CodexBar.

Live proof (screenshots in the PR description)

Verified against a real ClinePass account at api.cline.bot — all three endpoints return 200, and the percentages match the Cline dashboard's Usage limits page exactly.

Your options (from ClawSweeper's review)

  1. Accept the dashboard-derived endpoint (same risk class as existing Codex-web/Cursor providers) → mergeable as-is.
  2. Wait until Cline publishes an official third-party quota API → pause this PR.
  3. Suggest a supported contract I've missed and I'll switch to it.

Happy to adjust to whichever direction you prefer. The code, tests (20 ClinePass tests incl. an adversarially-verified cancellation regression), logo, and docs are otherwise complete.

@JagravNaik (Author)

@clawsweeper re-review — the only remaining item is a maintainer decision on the dashboard-derived /plan/usage-limits endpoint (framed in the comment above with options). All native review threads are resolved, the cancellation P2 is fixed with regression tests, and behavior-proof screenshots are in the PR description. Requesting a fresh pass to reflect that this is awaiting maintainer sign-off rather than author code work.

The merge combined the ClinePass CostUsageScanner change with upstream's
CostUsage updates; regenerate the vendored-parser hash to match the
merged source (lint enforces it).
Labels

  • merge-risk: 🚨 auth-provider (🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials.)
  • P3 (Low-risk cleanup, docs, polish, ergonomics, or speculative feature.)
  • proof: 📸 screenshot (Contributor real behavior proof includes screenshot evidence.)
  • proof: sufficient (Contributor real behavior proof is sufficient.)
  • rating: 🦐 gold shrimp (Decent PR readiness signal, but merge confidence is limited.)
  • status: ⏳ waiting on author (ClawSweeper has contributor-facing work open and is waiting for author action.)
