Improve DeepSeek detailed usage#2135
Conversation
|
Codex review: found issues before merge. Reviewed July 13, 2026, 8:14 PM ET / July 14, 2026, 00:14 UTC. Summary Reproducibility: not applicable. This PR adds an optional detailed-usage and browser-session workflow rather than repairing a defined failure of current behavior. Review metrics: 3 noteworthy metrics.
Root-cause cluster Members:
Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything. Merge readiness Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch. Rank-up moves:
Risk before merge
Maintainer options:
Next step before merge
Maintainer decision needed
Security Review findings
Review detailsBest possible solution: Keep API-key balance authoritative and independently available, but implement optional Platform enrichment through an explicit user-initiated browser host API that centralizes consent and token handling, preserves compatible legacy sessions, scopes profile choices to the active account, and degrades safely to balance-only data. Do we have a high-confidence way to reproduce the issue? Not applicable: this PR adds an optional detailed-usage and browser-session workflow rather than repairing a defined failure of current behavior. Is this the best way to solve the issue? No. The optional-enrichment and fallback design is reasonable, but provider-specific direct Chrome inspection is not the narrowest maintainable solution; browser access should use the repository’s centralized, explicit host API unless the owner intentionally changes that policy. Full review comments:
Overall correctness: patch is incorrect AGENTS.md: found and applied where relevant. Codex review notes: model internal, reasoning high; reviewed against 315ff65f7b2a. Label changesLabel justifications:
Evidence reviewedSecurity concerns:
What I checked:
Likely related people:
What the crustacean ranks mean
Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics. How this review workflow works
Review history (2 earlier review cycles) |
178b354 to
fc76f8a
Compare
Summary
Why
DeepSeek's documented API exposes the account balance but not the detailed usage visible at
platform.deepseek.com/usage. The Platform dashboard uses private endpoints for that data.This change keeps the documented balance fetch authoritative and required. Platform usage is optional enrichment: failures, invalid sessions, and timeouts preserve the balance instead of failing the provider.
Compared with #1910
This builds on the same general idea of reading DeepSeek Platform usage, but uses a narrower and more defensive session path:
userTokenfrom live Chrome local storage instead of relying on cookies or persisting a manual browser tokenReference: #1910
Privacy and reliability
cookieHeadervalues are removed during config normalizationValidation
swift test --filter DeepSeek— 91 tests passedswift test --filter ProviderSettingsDescriptorTests— 34 tests passedmake check— passed with 0 lint violationsgit diff --check— passedUI verification
Validated locally with multiple Chrome profiles:
Refreshingwhile disabledScreenshots