Add Command Code provider

[Daltonganger]

Overview

This PR adds Command Code as a first-class quota provider in OpenCode Bar.

Command Code usage can now be loaded through OpenCommand when its local proxy is running, with a direct Command Code billing API fallback that matches CodexBar's implementation.

Changes

• Added a new Command Code quota provider.
• Added OpenCommand local proxy support via /healthz and /v1/account/usage.
• Added direct Command Code billing API fallback using the browser session cookie.
• Added Comet and Chromium-based browser cookie discovery for commandcode.ai session cookies.
• Added Command Code to:
  • provider ordering
  • quota menu
  • status bar icon handling
  • subscription presets
  • CLI provider listing
• Added provider tests for:
  • Command Code cookie parsing
  • CodexBar-compatible API payloads
  • OpenCommand proxy payloads
  • quota/result conversion

Validation

• Full macOS test suite passed.
• Command Code provider tests passed.
• Debug app build passed with ENABLE_DEBUG_DYLIB=NO.
• Runtime verification confirmed:
  • Command Code appears in the quota menu.
  • ProviderManager includes Command Code in the fetch cycle.
  • Comet cookie discovery finds the Command Code session cookie.
  • Direct Command Code API fetch succeeds.

[op-gg-ai-devops]

✅ AI Code Review Completed

Review finished. Check the PR for inline comments.

---

📋 View Logs | 🤖 Model: anthropic/claude-opus-4-7|high

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3bb1ba4b65

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Use actual plan prices in Command Code presets

These preset amounts are the included credit buckets, not the monthly subscription fees, so selecting a Command Code preset will overstate monthly spend in subscription totals (for example, Go is treated as $10/m instead of the plan price). This directly skews the Quota Status: $.../m and aggregate status-bar cost for users who rely on presets instead of manual custom pricing.

Useful? React with 👍 / 👎.

[op-gg-ai-devops]

honestly, this is a clean integration. you hit literally every cross-cutting file the team's playbook calls out — ProviderIdentifier (rawValue/displayName/shortName/iconName), ProviderManager + CLIProviderManager, SubscriptionSettings, ProviderMenuBuilder, StatusBarController.usagePercentCandidates + quota order + icon switch, both status bar icon views, and the xcodeproj. that's the kind of "i read the codebase before opening the PR" energy i wish more contributors had.

the cookie discovery story is also nice — env var override → OpenCommand secrets → browser cookie extraction (with Comet added), with a sensible OpenCommand local proxy short-circuit in front of the direct API. fallback ordering is well thought out.

tests are pulling their weight too: cookie parsing variants (Secure / commandcode_prod_ / bare token / rejected), CodexBar-compatible payload, OpenCommand proxy payload, and cent-precision conversion. solid.

a few things worth tightening before merge — none are blockers, so this is APPROVE with notes:

1. Duplicate import Foundation at the top of CommandCodeProvider.swift. just a copy-paste artifact.
2. unknownPlan aborts the whole fetch when Command Code ships a new plan id. right now if subscription is active and the planID isn't in your hardcoded CommandCodePlanCatalog, the provider throws and shows nothing. the moment Command Code adds a new tier (e.g. team-pro, individual-business), users on that plan get a black-hole provider until you ship an app update. should degrade gracefully — fall back to "unknown plan, remaining credits = $X" instead of failing the whole result.
3. Dead fields in CommandCodeUsageSnapshot: premiumMonthlyCredits and opensourceMonthlyCredits are parsed and stored but never read anywhere downstream. AGENTS.md is explicit about not keeping dead code "even for minimal patch purposes."
4. snapshotFromOpenCommandUsage throws when both monthly_limit and monthly_spend + remaining are 0 — that's a legitimate state for a brand-new account with no spend yet. consider treating it as a 0%-used result with no plan instead of a hard parse error.

also a forward-looking nudge: this is the first provider using a hardcoded SF Symbol ("command") as its icon rather than an asset. fine as a placeholder, but if Command Code stays on the roster long-term, a proper asset would match the rest of the providers visually.

nice work overall — ship it after fixing the import dupe + the unknownPlan brittleness and we're golden.

---

Reviewed with anthropic/claude-opus-4-7|high

[op-gg-ai-devops]

duplicate Foundation import: dead line
duplicate import Foundation — almost certainly a copy-paste slip from auto-completion. just delete this line.

import Foundation
import os.log

[op-gg-ai-devops]

unknownPlan throw: future plan ids will black-hole the provider
this is the biggest concern in the PR — when Command Code adds a new plan id (think team-pro, individual-business, anything you haven't hardcoded into CommandCodePlanCatalog), and a user's subscription status == "active", this throw bubbles all the way up via ProviderError.providerError(...) and the entire Command Code row goes dark until you ship a new app build. that's a guaranteed support ticket the day Command Code expands their plan lineup.

graceful degradation pattern (similar to how ClaudeProvider handles unknown plans):

if let planID = subscription.planID,
   subscription.status?.lowercased() == "active",
   plan == nil {
    commandCodeLogger.warning("Unknown Command Code plan id: \(planID, privacy: .public)")
    // Continue with plan = nil. The result still shows remaining credits and
    // the plan id string in `planType`, just without an entitlement total.
}

then in makeResult, when monthlyCreditsTotal is nil, the existing fallback totalUSD = max(snapshot.monthlyCreditsRemaining, 0) already produces a usable (if 0%-used) result. user sees their balance, you get a warning log to fix later, no outage.

bonus: pass the raw planID into planType (or details.planType) so the menu shows the unknown plan name instead of "active" from subscriptionStatus.

[op-gg-ai-devops]

monthly_limit=0 misclassified as parse failure
this guard throws parseFailed("monthly_limit is missing") when both monthly_limit and monthly_spend + remaining are 0 — but that's a totally legitimate state for a brand-new OpenCommand account that hasn't spent anything yet and is on a 0-credit free tier. throwing here turns "new user, no usage" into "provider broken" in the menu.

suggestion: treat that as a valid zero-usage result instead of a parse failure.

if monthlyLimit <= 0 {
    // No spend, no remaining, no limit configured yet — degrade gracefully.
    let plan = CommandCodePlan(id: "opencommand", displayName: "OpenCommand", monthlyCreditsUSD: max(remaining, 0))
    return CommandCodeUsageSnapshot(
        monthlyCreditsRemaining: max(remaining, 0),
        purchasedCredits: 0,
        premiumMonthlyCredits: 0,
        opensourceMonthlyCredits: max(remaining, 0),
        plan: plan,
        billingPeriodEnd: resetDate,
        subscriptionStatus: "OpenCommand",
        authSource: authSource
    )
}

parseFailed should be reserved for "API returned something we genuinely don't understand," not "user has $0 of usage."

[op-gg-ai-devops]

premium/opensource credit fields: parsed but never used
premiumMonthlyCredits and opensourceMonthlyCredits are stored in the snapshot and parsed out of the credits payload (and the test even asserts the API shape includes them), but nothing downstream reads them — not makeResult, not the menu builder, not the status bar. AGENTS.md is explicit:

Don't keep dead code even if it's minimal patch purpose.

two options:

• drop both fields from CommandCodeUsageSnapshot + CreditsPayload + the JSON parser, and trim the test fixture. lightest patch.
• wire them up if the plan is to display "premium vs opensource credits remaining" later — but right now there's no consumer, so option 1 is honest.