Skip to content

Improve DeepSeek detailed usage#2135

Merged
steipete merged 11 commits into
steipete:mainfrom
Zihao-Qi:codex/deepseek-detailed-usage
Jul 17, 2026
Merged

Improve DeepSeek detailed usage#2135
steipete merged 11 commits into
steipete:mainfrom
Zihao-Qi:codex/deepseek-detailed-usage

Conversation

@Zihao-Qi

@Zihao-Qi Zihao-Qi commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Summary

  • enrich the existing DeepSeek balance with today/current-month cost and token totals, request counts, model/category breakdowns, and a 30-day token chart
  • discover DeepSeek Platform sessions from Chrome local storage, validate every discovered profile, and offer only valid profiles in Settings
  • keep the balance and profile selector stable while detailed usage refreshes or a profile changes
  • scope each profile choice to the active API credential and saved-account slot to prevent cross-account data mixing
  • bound optional Platform work so a slow or uncooperative browser/session probe cannot delay the required balance

Why

DeepSeek's documented API exposes the account balance but not the detailed usage visible at platform.deepseek.com/usage. The Platform dashboard uses private endpoints for that data.

This change keeps the documented balance fetch authoritative and required. Platform usage is optional enrichment: failures, invalid sessions, and timeouts preserve the balance instead of failing the provider.

Compared with #1910

This builds on the same general idea of reading DeepSeek Platform usage, but uses a narrower and more defensive session path:

  • reads the Platform userToken from live Chrome local storage instead of relying on cookies or persisting a manual browser token
  • discovers all Chrome profiles and validates each session before showing it
  • lists only valid profiles and requires an explicit choice for a new or changed API credential
  • fingerprints the API credential/account scope without persisting the credential
  • keeps imported Platform tokens in memory and logs only opaque profile identifiers
  • adds hard timeout behavior, profile-catalog preservation, and stable transition presentation

Reference: #1910

Privacy and reliability

  • DeepSeek Platform tokens are never written to CodexBar config
  • legacy DeepSeek cookieHeader values are removed during config normalization
  • private Platform endpoints may change; parser failures degrade to balance-only data
  • optional session resolution is cancellation-aware and hard-bounded

Validation

  • swift test --filter DeepSeek — 91 tests passed
  • swift test --filter ProviderSettingsDescriptorTests — 34 tests passed
  • make check — passed with 0 lint violations
  • git diff --check — passed

UI verification

Validated locally with multiple Chrome profiles:

  • balance remains visible during profile changes
  • the profile selector remains visible and shows Refreshing while disabled
  • invalid/expired sessions are omitted
  • detailed usage repopulates after the selected profile refresh completes

Screenshots

Screenshot 2026-07-13 at 14 22 24 Screenshot 2026-07-13 at 14 22 51

@clawsweeper clawsweeper Bot added proof: sufficient Contributor real behavior proof is sufficient. proof: 📸 screenshot Contributor real behavior proof includes screenshot evidence. rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action. P2 Normal priority bug or improvement with limited blast radius. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. labels Jul 13, 2026
@clawsweeper

clawsweeper Bot commented Jul 13, 2026

Copy link
Copy Markdown

Codex review: needs maintainer review before merge. Reviewed July 16, 2026, 10:44 PM ET / July 17, 2026, 02:44 UTC.

Summary
The PR adds optional DeepSeek Platform detailed usage, Chrome-profile session discovery and selection, account-scoped settings, stable refresh presentation, documentation, localization, and focused tests.

Reproducibility: not applicable. this is a feature PR. The supplied screenshots and described multi-profile local run demonstrate the added behavior rather than reproduce a broken established contract.

Review metrics: 3 noteworthy metrics.

  • Patch size: 59 files; +4,019 / -119. The credential-sensitive implementation spans UI, configuration, browser access, fetching, refresh state, documentation, localization, and tests.
  • Reported focused validation: 91 DeepSeek tests; 34 settings tests. The reported coverage exercises parsing, account scope, profile selection, cancellation, transitions, and presentation behavior.
  • Localized UI: 7 strings across 23 locale catalogs. The new profile-selection and detailed-usage states are user-visible throughout the supported localizations.

Root-cause cluster
Relationship: canonical
Canonical: #2135
Summary: This is the active, proof-positive DeepSeek implementation; the related pull requests are closed unmerged and are not viable replacement landing paths.

Members:

Proposal only: this assessment does not dispatch repair, suppress jobs, mutate sibling items, close, or merge anything.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster ✨ media proof bonus
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • [P1] Update the PR privacy section to reflect the final legacy-session behavior, then obtain explicit maintainer acceptance of the fail-closed upgrade contract.

Risk before merge

  • [P1] Existing unscoped legacy Platform tokens can no longer enrich an active API-key account; affected users may need to select a validated Chrome profile again after upgrading.
  • [P1] The account/profile association spans persisted config, environment projection, token-account overrides, and refresh presentation; the screenshots do not directly demonstrate every legacy and multi-account upgrade combination.
  • [P1] The feature depends on a bearer token from Chrome local storage and private DeepSeek Platform endpoints, so upstream storage or endpoint changes must continue degrading safely to balance-only data.

Maintainer options:

  1. Land the scoped design (recommended)
    Accept profile re-selection for unscoped legacy sessions as the safer upgrade behavior and merge after final validation.
  2. Implement an explicit migration
    Add focused upgrade coverage and a migration that binds legacy session state to exactly one known credential before merge.
  3. Pause Platform enrichment
    Keep DeepSeek balance-only behavior if maintainers do not want to own Chrome local-storage access and private endpoint churn.

Next step before merge

  • [P1] No concrete automated repair remains; the next action is a maintainer decision on the fail-closed legacy-session upgrade behavior and final merge review.

Maintainer decision needed

  • Question: Should CodexBar intentionally require profile re-selection when a legacy unscoped DeepSeek Platform session cannot be associated with the active API credential or saved-account slot?
  • Rationale: Automatically reusing an unscoped legacy session preserves convenience but can mix one account's detailed usage with another account's balance; the current branch chooses the safer fail-closed upgrade behavior, which is a maintainer-owned compatibility decision.
  • Likely owner: steipete — Authored the branch's account-scope and browser-boundary repairs and has provided the most recent review direction on this implementation.
  • Options:
    • Accept fail-closed scoping (recommended): Require validated Chrome-profile selection for unscoped legacy sessions and preserve strict account isolation.
    • Add a narrow migration: Delay merge until a tested migration can associate legacy state with exactly one credential without guessing across accounts.
    • Retain balance-only support: Do not ship private-session enrichment if the browser-token and upgrade contract is not acceptable to maintainers.

Security
Cleared: No concrete security or supply-chain defect remains: the patch changes no dependencies or workflows, keeps imported Platform tokens in memory, scopes selections to accounts, and limits logs to opaque profile identifiers.

Review details

Best possible solution:

Keep the documented API balance authoritative and make Platform enrichment optional, bounded, memory-only, and fail-closed to the active credential scope, with a clear profile re-selection path when legacy state cannot be associated safely.

Do we have a high-confidence way to reproduce the issue?

Not applicable; this is a feature PR. The supplied screenshots and described multi-profile local run demonstrate the added behavior rather than reproduce a broken established contract.

Is this the best way to solve the issue?

Yes. Keeping required API balance separate from optional, bounded, account-scoped Platform enrichment is the narrowest maintainable design, and failing closed is safer than guessing how legacy sessions map to credentials.

AGENTS.md: found and applied where relevant.

Codex review notes: model internal, reasoning high; reviewed against a264acaddab9.

Label changes

Label changes:

  • add proof: sufficient: Contributor real behavior proof is sufficient. Two after-fix screenshots and the documented local multi-Chrome-profile run directly show the settings and menu surfaces and report the relevant refresh, filtering, and repopulation behavior.
  • add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
  • add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (screenshot): Two after-fix screenshots and the documented local multi-Chrome-profile run directly show the settings and menu surfaces and report the relevant refresh, filtering, and repopulation behavior.
  • remove status: 📣 needs proof: Current PR status label is status: 👀 ready for maintainer look.
  • remove rating: 🦐 gold shrimp: Current PR rating is rating: 🐚 platinum hermit, so this older rating label is no longer current.

Label justifications:

  • P2: This is a meaningful provider improvement with limited provider-specific blast radius but non-trivial account-routing and credential requirements.
  • merge-risk: 🚨 compatibility: Fail-closed credential scoping changes how legacy unscoped DeepSeek Platform sessions behave after an upgrade and may require profile re-selection.
  • merge-risk: 🚨 auth-provider: The patch binds detailed usage to API credentials, saved token-account slots, and Chrome profiles, so routing mistakes could mix account data.
  • merge-risk: 🚨 security-boundary: The patch reads authenticated bearer tokens from browser local storage and calls private endpoints, a sensitive boundary not fully settled by ordinary CI.
  • rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
  • status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (screenshot): Two after-fix screenshots and the documented local multi-Chrome-profile run directly show the settings and menu surfaces and report the relevant refresh, filtering, and repopulation behavior.
  • proof: sufficient: Contributor real behavior proof is sufficient. Two after-fix screenshots and the documented local multi-Chrome-profile run directly show the settings and menu surfaces and report the relevant refresh, filtering, and repopulation behavior.
  • proof: 📸 screenshot: Contributor real behavior proof includes screenshot evidence. Two after-fix screenshots and the documented local multi-Chrome-profile run directly show the settings and menu surfaces and report the relevant refresh, filtering, and repopulation behavior.
Evidence reviewed

What I checked:

Likely related people:

  • steipete: Authored the branch's browser-access isolation, session-scoping, localization, selected-profile prioritization, and stale-balance repairs and repeatedly reviewed the affected DeepSeek paths. (role: recent area contributor and reviewer; confidence: high; commits: 10b9a00c591a, 5b88e65f87bc, c134f1ba1ed9; files: Sources/CodexBarCore/BrowserLocalStorageAPI.swift, Sources/CodexBarCore/Providers/DeepSeek/DeepSeekPlatformTokenImporter.swift, Sources/CodexBarCore/Providers/DeepSeek/DeepSeekProviderDescriptor.swift)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.
Review history (7 earlier review cycles)
  • reviewed 2026-07-13T21:38:36.799Z sha 178b354 :: found issues before merge. :: [P1] Preserve legacy DeepSeek sessions during migration
  • reviewed 2026-07-13T23:06:05.768Z sha fc76f8a :: found issues before merge. :: [P1] Route Chrome session discovery through the browser host API
  • reviewed 2026-07-14T00:14:47.485Z sha fc76f8a :: found issues before merge. :: [P1] Route Chrome discovery through the browser host API | [P3] Remove the release-owned changelog entry
  • reviewed 2026-07-16T04:16:33.170Z sha 4249b55 :: found issues before merge. :: [P1] Route Chrome discovery through the browser host API
  • reviewed 2026-07-16T20:17:54.493Z sha 4894106 :: needs changes before merge. :: [P1] Scope legacy Platform tokens to the active account | [P2] Carry account scope into web-mode profile selection
  • reviewed 2026-07-16T21:07:35.912Z sha 4894106 :: needs changes before merge. :: [P1] Scope legacy Platform tokens to the active account | [P2] Preserve account scope during web-mode profile lookup
  • reviewed 2026-07-17T02:02:22.478Z sha ab7fa24 :: needs real behavior proof before merge. :: none

@Zihao-Qi
Zihao-Qi force-pushed the codex/deepseek-detailed-usage branch from 178b354 to fc76f8a Compare July 13, 2026 23:01
@Zihao-Qi
Zihao-Qi marked this pull request as ready for review July 14, 2026 00:05
@Zihao-Qi
Zihao-Qi force-pushed the codex/deepseek-detailed-usage branch from fc76f8a to f27decf Compare July 16, 2026 03:53

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 10b9a00c59

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +106 to +108
if let platformToken = DeepSeekSettingsReader.platformToken(environment: context.env) {
return try await operations.fetchUsage(apiKey, platformToken, true).toUsageSnapshot()
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Require account scope for platform-token enrichment

When a legacy/saved DEEPSEEK_PLATFORM_TOKEN or cookieHeader is present, this branch bypasses the scoped Chrome-profile selection entirely and enriches whichever active API key was used for the balance with the same unscoped Platform token. For users with multiple DeepSeek token accounts, switching from Personal to Work changes the balance API key but can still render Personal detailed usage beside the Work balance, defeating the account-siloing added elsewhere for profile selections.

Useful? React with 👍 / 👎.

…ed-usage

# Conflicts:
#	Sources/CodexBar/UsageStore+BackgroundRefresh.swift

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 489410645b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +207 to +210
let profileSelection = DeepSeekSettingsReader.profileSelection(
environment: context.env,
selectedTokenAccountID: nil,
apiKey: nil)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Preserve account scope in web-mode profile lookup

When DeepSeek is forced to the web strategy while an API key or saved token account is active (for example, CLI --source web), this lookup always uses nil for both the selected account and API key. Profile choices are saved with DeepSeekSettingsReader.profileScope(selectedTokenAccountID:apiKey:) using the active key, so the stored scope will not match the browser-only scope here; with multiple valid Chrome profiles the fetch ignores the user's saved selection and returns profileSelectionRequired again. Pass the current account ID/API key into this profileSelection call as the API path does.

Useful? React with 👍 / 👎.

@steipete

Copy link
Copy Markdown
Owner

@clawsweeper re-review

@clawsweeper

clawsweeper Bot commented Jul 16, 2026

Copy link
Copy Markdown

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5b88e65f87

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +152 to +153
if lookup.freshStatus == nil || candidate.id == selection.profileID {
candidatesToValidate.append(candidate)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Don't block selected profile on unrelated validation

When a profile is already selected and the validation cache has expired (or a new Chrome profile appears), this still adds every uncached profile to the same blocking validation batch. Since validate only returns after the whole task group drains, one slow or stuck unselected profile can make the API path hit its 5-second join grace and publish balance-only data even if the selected profile's detailed usage already succeeded. Consider prioritizing/returning the selected profile result independently from background catalog validation.

Useful? React with 👍 / 👎.

@steipete

Copy link
Copy Markdown
Owner

@clawsweeper re-review

@clawsweeper

clawsweeper Bot commented Jul 16, 2026

Copy link
Copy Markdown

🦞👀
ClawSweeper picked this up.

Command router queued. I will update this comment with the next step.

@steipete

Copy link
Copy Markdown
Owner

@clawsweeper re-review

@clawsweeper

clawsweeper Bot commented Jul 16, 2026

Copy link
Copy Markdown

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

@steipete

Copy link
Copy Markdown
Owner

@clawsweeper re-review

@clawsweeper

clawsweeper Bot commented Jul 17, 2026

Copy link
Copy Markdown

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0f7731294e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

},
set: { profileID in
guard !profileID.isEmpty else { return }
context.store.beginDeepSeekProfileTransition(preservingBalance: apiKey != nil)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Do not preserve web-profile balances across profile changes

When DeepSeek is forced to the web source while an API key or token account is still configured, apiKey != nil makes the transition preserve the old primary balance even though web-mode balances come from the selected Platform/Chrome profile, not from the API key. If the user switches from one Chrome profile to another and the refresh is slow or fails, the UI can keep showing the previous profile's balance under the new profile selection; use the active source/last source instead of API-key presence before preserving the balance.

Useful? React with 👍 / 👎.

@steipete

Copy link
Copy Markdown
Owner

@clawsweeper re-review

@clawsweeper

clawsweeper Bot commented Jul 17, 2026

Copy link
Copy Markdown

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

@clawsweeper clawsweeper Bot added status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. and removed proof: sufficient Contributor real behavior proof is sufficient. status: ⏳ waiting on author ClawSweeper has contributor-facing work open and is waiting for author action. rating: 🦐 gold shrimp Decent PR readiness signal, but merge confidence is limited. status: 📣 needs proof The PR needs real behavior proof before ClawSweeper can clear the contributor ask. labels Jul 17, 2026
@steipete
steipete merged commit d9cae08 into steipete:main Jul 17, 2026
13 of 15 checks passed
@steipete

Copy link
Copy Markdown
Owner

Merged as d9cae08c7e69ef19df3e7ff9cff2851769d05c62 after maintainer fixes and exact-head verification.

Verification:

  • Reviewed the full external diff and adjacent provider/account-routing code. DeepSeek traffic is limited to api.deepseek.com and platform.deepseek.com; imported browser tokens remain in memory; logging contains only opaque status/profile metadata.
  • Routed Chrome local-storage access through the documented host API boundary in BrowserLocalStorageAPI, removing the provider-core SweetCookieKit import.
  • Preserved @joeVenner's effectiveSelectedTokenAccount rebase adaptation from Improve DeepSeek detailed usage #2216.
  • Added active-account/profile scoping, selected-profile-first validation, and source-aware transition handling so forced-web profile switches cannot show a previous profile's API balance.
  • swift test --filter DeepSeekProfileTransitionTests: passed, 1 test / 1 suite (2 parameter cases).
  • swift test --filter ProviderSettingsDescriptorTests: passed.
  • swift test --filter DeepSeek: passed, 112 tests / 10 suites.
  • swift test --filter KiroStatusProbeTests: passed, 55 tests / 1 suite. This confirmed the first macOS shard failure was an unrelated timing flake (9.978s < 8s assertion); the failed shard rerun passed.
  • make check: passed; SwiftFormat clean and SwiftLint reported 0 violations across 1,475 files.
  • Exact-head CI run 29548763329, attempt 2, for ab7fa24d20d81d322fe0279d3e3ee547170f6c9b: changes, lint, Linux x64/ARM64, both macOS shards, aggregate, and GitGuardian all green.
  • Exact-head ClawSweeper run 29548791120: patch correct, no findings, security cleared.
  • The mandated local autoreview scanner failed closed before model invocation because the provider/test diff contains API-key-shaped identifiers; no bypass was used. Manual full-diff review plus exact-head ClawSweeper review supplied the review gate.

Live DeepSeek Platform credentials were unavailable, so verification was source-level, stub/focused-test, and CI based; no live account probe was performed.

Thanks @Zihao-Qi for the implementation, and @joeVenner for the rebase help from #2216.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

merge-risk: 🚨 auth-provider 🚨 Merging this PR could break OAuth, tokens, provider routing, model choice, or credentials. merge-risk: 🚨 compatibility 🚨 Merging this PR could break existing users, config, migrations, defaults, or upgrades. merge-risk: 🚨 security-boundary 🚨 Merging this PR could weaken sandboxing, authorization, credentials, or sensitive data. P2 Normal priority bug or improvement with limited blast radius. proof: 📸 screenshot Contributor real behavior proof includes screenshot evidence. proof: sufficient Contributor real behavior proof is sufficient. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants